CVE-2009-5019

Webwiz Web Wiz Newspad - Access Control

Title source: rule

Description

Web Wiz NewsPad stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for database/NewsPad.mdb.

Exploits (2)

exploitdb WRITEUP VERIFIED

by keracker · textwebappsasp

https://www.exploit-db.com/exploits/15544

View Code ZIP pw:eip

exploitdb WRITEUP VERIFIED

by ViRuSMaN · textwebappsasp

https://www.exploit-db.com/exploits/10637

View Code ZIP pw:eip

References (4)

Core 4

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/55043

Exploit x_refsource_misc

http://packetstormsecurity.org/files/view/84294/webwiznewspad-disclose.txt

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/15544

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/10637

Scores

EPSS 0.0621

EPSS Percentile 90.9%

Details

CWE

CWE-264

Status published

Products (4)

webwiz/web_wiz_newspad 1.0

webwiz/web_wiz_newspad 1.01

webwiz/web_wiz_newspad 1.02

webwiz/web_wiz_newspad 1.03

Published Dec 01, 2010

Tracked Since Feb 18, 2026