CVE-2009-0250

Ryneezy phoSheezy 0.2 - Info Disclosure

Title source: llm

Description

Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Osirys · perlwebappsphp

https://www.exploit-db.com/exploits/7780

View Code ZIP pw:eip

References (5)

[Third Party Advisory, VDB Entry] http://osvdb.org/51411

[Vendor Advisory] http://secunia.com/advisories/33531

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/48056

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7780

[Third Party Advisory] http://securityreason.com/securityalert/4935

Scores

EPSS 0.0599

EPSS Percentile 90.7%

Details

CWE

CWE-264

Status published

Products (1)

ryneezy/phosheezy 0.2

Published Jan 22, 2009

Tracked Since Feb 18, 2026