Diskos CMS 6.x stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) artikler_prod.mdb or (2) medlemmer.mdb.
CPE | Name | Operator | Version |
---|---|---|---|
diskos_cms | eq | 6 |