Written by Room-Hacker
Monday, 02 March 2009 22:44
ClearBudget Invalid '.htaccess' Unauthorized Access Vulnerability
Feb 05 2009 12:00AM
Mar 02 2009 08:16PM
ClearBudget ClearBudget 0.6.1
ClearBudget ClearBudget 0.7.1
ClearBudget is prone to an unauthorized-access vulnerability because it fails to properly restrict access to certain directories.
An attacker can exploit this vulnerability to gain access to database contents. Information harvested can lead to further attacks.
ClearBudget 0.6.1 is vulnerable; other versions may also be affected.
Attackers may exploit this issue via a browser.
The following example URI is available:
The vendor released an update to address this issue. Please see the references for more information.