CVE-2009-0250 : Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insuf

Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password.

Published 2009-01-22 16:30:00

Updated 2025-04-09 00:30:58

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2009-0250

Ryneezy » Phosheezy » Version: 0.2
cpe:2.3:a:ryneezy:phosheezy:0.2:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2009-0250

EPSS FAQ

3.49%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 86 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2009-0250

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2009-0250

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2009-0250

Jump to

Vulnerability Details : CVE-2009-0250

Products affected by CVE-2009-0250

Exploit prediction scoring system (EPSS) score for CVE-2009-0250

CVSS scores for CVE-2009-0250

CWE ids for CVE-2009-0250

References for CVE-2009-0250