exploitDog

CVE-2008-3924

Опубликовано: 04 сент. 2008

Источник: nvd

CVSS2: 4.3

EPSS Низкий

Описание

The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip. NOTE: it was later reported that vector a also affects CMME 1.19.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:hans_oesterholt:cmme:1.12:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05992

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-p8q5-xgw5-w952

github

почти 4 года назад

The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip. NOTE: it was later reported that vector a also affects CMME 1.19.

EPSS

Процентиль: 90%

0.05992

Низкий

4.3 Medium

CVSS2

Дефекты

CWE-264