CVE-2007-0153

2007-01-0918:00:00

mitre

www.cve.org

6.3 Medium

AI Score

Confidence

Low

0.012 Low

EPSS

Percentile

84.9%

JSON

AJLogin 3.5 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for ajlogin.mdb.

References

osvdb.org/33404

securityreason.com/securityalert/2127

www.securityfocus.com/archive/1/456226/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/31331