CodeAvalanche Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the administrator password via a direct request for _private/CADirectory.mdb. NOTE: some of these details are obtained from third party information.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Directory | Codeavalanche | nil (including) | nil (including) |