CVE-2010-0984

Description

Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb.

Affected products

• acidcat / acidcat_cms3.5.3
• acidcat / acidcat_cms2.1.11 – 2.1.11
• acidcat / acidcat_cms2.1.12 – 2.1.12
• acidcat / acidcat_cms2.1.13 – 2.1.13
• acidcat / acidcat_cms3.3.5 – 3.3.5
• acidcat / acidcat_cms3.4.0 – 3.4.0
• acidcat / acidcat_cms3.4.1 – 3.4.1
• acidcat / acidcat_cms3.4.2 – 3.4.2
• acidcat / acidcat_cms3.5.0 – 3.5.0
• acidcat / acidcat_cms3.5.1 – 3.5.1
• acidcat / acidcat_cms3.5.2 – 3.5.2

References

• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/55329
• MISChttp://osvdb.org/61436
• EXPLOIThttp://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt
• VENDOR_ADVISORYhttp://secunia.com/advisories/38084
• EXPLOIThttp://www.exploit-db.com/exploits/10972