CVE-2009-1322

Humayun Shabbir Bhutta Asp Product Catalog - Access Control

Title source: rule

Description

ASP Product Catalog 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for database/aspProductCatalog.mdb.

Exploits (1)

exploitdb WORKING POC VERIFIED

by AlpHaNiX · perlwebappsphp

https://www.exploit-db.com/exploits/8418

View Code ZIP pw:eip

References (2)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/49859

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/8418

Scores

EPSS 0.0408

EPSS Percentile 88.6%

Details

CWE

CWE-264

Status published

Products (1)

humayun_shabbir_bhutta/asp_product_catalog 1.0

Published Apr 17, 2009

Tracked Since Feb 18, 2026