Vulnerability Description
Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash via a direct request for config/password.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ryneezy | Phosheezy | 0.2 |
Related Weaknesses (CWE)
References
- http://osvdb.org/51411
- http://secunia.com/advisories/33531Vendor Advisory
- http://securityreason.com/securityalert/4935
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48056
- https://www.exploit-db.com/exploits/7780
- http://osvdb.org/51411
- http://secunia.com/advisories/33531Vendor Advisory
- http://securityreason.com/securityalert/4935
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48056
- https://www.exploit-db.com/exploits/7780
FAQ
What is CVE-2009-0250?
CVE-2009-0250 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Ryneezy phoSheezy 0.2 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the file containing the administrator's password hash ...
How severe is CVE-2009-0250?
CVE-2009-0250 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-0250?
Check the references section above for vendor advisories and patch information. Affected products include: Ryneezy Phosheezy.