CVE DATABASE / CVE-2009-3597

CVE-2009-3597

CVSS 5 · MEDIUM

Summary

Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for autoconfig.dd.

CVSS 2.0 breakdown

Base score	5 (MEDIUM)
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N
Attack vector	NETWORK
Attack complexity	LOW
Confidentiality	PARTIAL
Integrity	NONE
Availability	NONE

Weakness type (CWE)

CWE-552

Affected products

Digitaldesign_cms_project digitaldesign cms

Check this CVE live

Use our free CVE Lookup tool for the latest NVD record, or browse the full CISA KEV catalog.

References

http://www.exploit-db.com/exploits/9115
https://exchange.xforce.ibmcloud.com/vulnerabilities/51676

Data: NIST NVD. NVD last modified 2026-04-23. Always verify against the vendor advisory before acting.