CVE-2008-3924

Sažetak

The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip. NOTE: it was later reported that vector a also affects CMME 1.19.

Reference

http://secunia.com/advisories/31599
http://securityreason.com/securityalert/4220
http://www.securityfocus.com/bid/30854
https://exchange.xforce.ibmcloud.com/vulnerabilities/44684
https://www.exploit-db.com/exploits/6313

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

29-09-2017 - 01:31

Objavljeno

04-09-2008 - 18:41