1. Home
  2. CVE Database
  3. CVE-2009-0498
MEDIUM · 5.0

CVE-2009-0498

Virtual GuestBook (vgbook) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to gue...

Vulnerability Description

Virtual GuestBook (vgbook) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to guestbook.mdb.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:P/I:N/A:N
Confidentiality
PARTIAL
Integrity
NONE
Availability
NONE

Affected Products

VendorProductVersions
MinitdesignVirtual Guestbook2.1

Related Weaknesses (CWE)

CWE-264

References

FAQ

What is CVE-2009-0498?

CVE-2009-0498 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Virtual GuestBook (vgbook) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request to gue...

How severe is CVE-2009-0498?

CVE-2009-0498 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-0498?

Check the references section above for vendor advisories and patch information. Affected products include: Minitdesign Virtual Guestbook.