Summary
ClearBudget is prone to an unauthorized-access vulnerability because it fails to properly restrict access to certain directories.
An attacker can exploit this vulnerability to gain access to database contents. Information harvested can lead to further attacks.
ClearBudget 0.6.1 is vulnerable; other versions may also be affected.
Solution
The vendor released an update to address this issue. Please see http://clearbudget.douteaud.com/ for more information.
Severity
Classification
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N