Codeavalanche : Security Vulnerabilities, CVEs,
CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained from third party information.
Max CVSS
5.0
EPSS Score
0.66%
Published
2009-01-21
Updated
2017-09-29
CodeAvalanche Articles stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAArticles.mdb. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
2.16%
Published
2009-01-12
Updated
2017-09-29
CodeAvalanche FreeForAll stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFFAPage.mdb. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
2.03%
Published
2009-01-12
Updated
2017-09-29
CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
2.16%
Published
2009-01-12
Updated
2017-09-29
CodeAvalanche FreeWallpaper stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CAFreeWallpaper.mdb. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
2.03%
Published
2009-01-12
Updated
2017-09-29
CodeAvalanche RateMySite stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CARateMySite.mdb. NOTE: some of these details are obtained from third party information.
Max CVSS
7.5
EPSS Score
2.16%
Published
2009-01-12
Updated
2017-09-29
6 vulnerabilities found