CVE-2008-3924

EPSS 2.3%

The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip. NOTE: it was later reported that vector a also affects CMME 1.19.

Productos afectados

n/a · n/a

PoCs públicas encontradas — 1

cve_referencewww.exploit-db.com/exploits/6313no verificado

⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

http://secunia.com/advisories/31599 http://securityreason.com/securityalert/4220 https://exchange.xforce.ibmcloud.com/vulnerabilities/44684 https://www.exploit-db.com/exploits/6313 http://www.securityfocus.com/bid/30854