|Very easy to exploit|
|(other affected products)||Published: Thu Nov 21 15:15:00 2019 UTC. Last Modified: Wed Nov 27 16:52:00 2019 UTC|
CPE matches: cpe:2.3:a:9base_project:9base:1\:6-6:*:*:*:*:*:*:*
9base 1:6-6 and 1:6-7 insecurely creates temporary files which results in predictable filenames.
- Limited access to information.
- Remote attacking is possible through the network and can be done by anyone (requires no authentication).
- No user interaction is required.
- The attack is estimated to have a high success rate, once attempted.
Damage and attack conditions obtained from CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (CVSSv3)
Type of bug(s)
- CWE-20, Improper Input Validation: The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.