CVE-2010-0976

Sažetak

Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states "Important: you must now delete all files beginning with 'install' from the root directory."

Reference

http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt
http://www.exploit-db.com/exploits/10972
https://exchange.xforce.ibmcloud.com/vulnerabilities/55331

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-08-2017 - 01:32

Objavljeno

16-03-2010 - 19:30