vendor:
Digitaldesign CMS
by:
darkjoker
5.5
CVSS
MEDIUM
Database Disclosure
200
CWE
Product Name: Digitaldesign CMS
Affected Version From: Digitaldesign CMS v0.1
Affected Version To: Digitaldesign CMS v0.1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2009
Digitaldesign CMS v0.1 Database Disclosure Vulnerability
The exploit allows an attacker to disclose the database of Digitaldesign CMS v0.1. The vulnerability is due to the presence of an exposed autoconfig.dd file.
Mitigation:
The vendor should release a patch to secure the autoconfig.dd file and prevent unauthorized access to the database.