Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Acidcat_cms | Acidcat | * | 3.5.3 (including) |
| Acidcat_cms | Acidcat | 2.1.11 (including) | 2.1.11 (including) |
| Acidcat_cms | Acidcat | 2.1.12 (including) | 2.1.12 (including) |
| Acidcat_cms | Acidcat | 2.1.13 (including) | 2.1.13 (including) |
| Acidcat_cms | Acidcat | 3.3.5 (including) | 3.3.5 (including) |
| Acidcat_cms | Acidcat | 3.4.0 (including) | 3.4.0 (including) |
| Acidcat_cms | Acidcat | 3.4.1 (including) | 3.4.1 (including) |
| Acidcat_cms | Acidcat | 3.4.2 (including) | 3.4.2 (including) |
| Acidcat_cms | Acidcat | 3.5.0 (including) | 3.5.0 (including) |
| Acidcat_cms | Acidcat | 3.5.1 (including) | 3.5.1 (including) |
| Acidcat_cms | Acidcat | 3.5.2 (including) | 3.5.2 (including) |
References
- http://osvdb.org/61436
- http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt
- http://secunia.com/advisories/38084
- http://www.exploit-db.com/exploits/10972
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55329
- http://osvdb.org/61436
- http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt
- http://secunia.com/advisories/38084
- http://www.exploit-db.com/exploits/10972
- https://exchange.xforce.ibmcloud.com/vulnerabilities/55329