CVE-2008-0135

Snitz Forums 2000 3.4.06 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for forum/snitz_forums_2000.mdb.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 86%
VendorProductVersion
snitz_communicationssnitz_forums_2000
𝑥
≤ 3.4.06
snitz_communicationssnitz_forums_2000
3.0
snitz_communicationssnitz_forums_2000
3.1
snitz_communicationssnitz_forums_2000
3.1:sr4
snitz_communicationssnitz_forums_2000
3.2.03
snitz_communicationssnitz_forums_2000
3.3
snitz_communicationssnitz_forums_2000
3.3.01
snitz_communicationssnitz_forums_2000
3.3.02
snitz_communicationssnitz_forums_2000
3.3.03
snitz_communicationssnitz_forums_2000
3.4.02
snitz_communicationssnitz_forums_2000
3.4.03
snitz_communicationssnitz_forums_2000
3.4.04
snitz_communicationssnitz_forums_2000
3.4.05
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://hackerscenter.com/archive/view.asp?id=28145
http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt
http://www.securityfocus.com/archive/1/485836/100/200/threaded
http://www.securityfocus.com/archive/1/485894/100/200/threaded
http://hackerscenter.com/archive/view.asp?id=28145
http://www.packetstormsecurity.org/0801-exploits/snitz-multi.txt
http://www.securityfocus.com/archive/1/485836/100/200/threaded
http://www.securityfocus.com/archive/1/485894/100/200/threaded