CVE-2013-2563

CVE-2013-2563

EPSS 0.5%

Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt http://seclists.org/oss-sec/2013/q1/689 http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html