Описание
All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat.
Уязвимые конфигурации
Конфигурация 1Версия до 0.0.2 (включая)
Одно из
cpe:2.3:a:paul_arbogast:accms:*:*:*:*:*:*:*:*
cpe:2.3:a:paul_arbogast:accms:0.0.1a:*:*:*:*:*:*:*
cpe:2.3:a:paul_arbogast:accms:0.0.1c:*:*:*:*:*:*:*
cpe:2.3:a:paul_arbogast:accms:0.0.1d:*:*:*:*:*:*:*
cpe:2.3:a:paul_arbogast:accms:0.0.1e:*:*:*:*:*:*:*
cpe:2.3:a:paul_arbogast:accms:0.0.1f:*:*:*:*:*:*:*
cpe:2.3:a:paul_arbogast:accms:0.0.1g:*:*:*:*:*:*:*
cpe:2.3:a:paul_arbogast:accms:0.0.1h:*:*:*:*:*:*:*
EPSS
Процентиль: 86%
0.02974
Низкий
7.5 High
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
больше 3 лет назад
All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat.
EPSS
Процентиль: 86%
0.02974
Низкий
7.5 High
CVSS2
Дефекты
CWE-200