CVE-2009-0328

ROBS-PROJECTS Digital Sales IPN - Info Disclosure

Title source: llm
STIX 2.1

Description

ROBS-PROJECTS Digital Sales IPN (aka DS-IPN.NET or DS-IPN Paypal Shop) stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing user credentials via a direct request for Database/Sales.mdb.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Moudi · textwebappsasp
https://www.exploit-db.com/exploits/7816

References (3)

Core 3
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7816
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/48082
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33602

Scores

EPSS 0.0448
EPSS Percentile 89.2%

Details

CWE
CWE-264
Status published
Products (1)
robs-projects/digital_sales_ipn _nil_
Published Jan 29, 2009
Tracked Since Feb 18, 2026