VYPR
Unrated severityNVD Advisory· Published Mar 24, 2009· Updated Jun 16, 2026

CVE-2009-1053

CVE-2009-1053

Description

chaozzDB 1.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing user credentials via a direct request for user.tsv.

Affected products

4
  • Chaozz/Chaozzdb4 versions
    cpe:2.3:a:chaozz:chaozzdb:*:*:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:chaozz:chaozzdb:*:*:*:*:*:*:*:*range: <=1.2
    • cpe:2.3:a:chaozz:chaozzdb:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:chaozz:chaozzdb:1.1:*:*:*:*:*:*:*
    • (no CPE)range: <=1.2

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.