Web File Explorer
CVEs (3)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2009-1495 | 0.03 | — | 0.05 | May 1, 2009 | Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb. | ||
| CVE-2009-1323 | 0.03 | — | 0.00 | Apr 17, 2009 | SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||
| CVE-2009-1314 | 0.03 | — | 0.06 | Apr 17, 2009 | body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension. |
- CVE-2009-1495May 1, 2009risk 0.03cvss —epss 0.05
Web File Explorer 3.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for data/db.mdb.
- CVE-2009-1323Apr 17, 2009risk 0.03cvss —epss 0.00
SQL injection vulnerability in body.asp in Web File Explorer 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
- CVE-2009-1314Apr 17, 2009risk 0.03cvss —epss 0.06
body.asp in Web File Explorer 3.1 allows remote attackers to create arbitrary files and execute arbitrary code via the savefile action with a file parameter containing a filename that has an executable extension.