Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Acidcat_cms | Acidcat | * | 3.5.3 (including) |
| Acidcat_cms | Acidcat | 2.1.11 (including) | 2.1.11 (including) |
| Acidcat_cms | Acidcat | 2.1.12 (including) | 2.1.12 (including) |
| Acidcat_cms | Acidcat | 2.1.13 (including) | 2.1.13 (including) |
| Acidcat_cms | Acidcat | 3.3.5 (including) | 3.3.5 (including) |
| Acidcat_cms | Acidcat | 3.4.0 (including) | 3.4.0 (including) |
| Acidcat_cms | Acidcat | 3.4.1 (including) | 3.4.1 (including) |
| Acidcat_cms | Acidcat | 3.4.2 (including) | 3.4.2 (including) |
| Acidcat_cms | Acidcat | 3.5.0 (including) | 3.5.0 (including) |
| Acidcat_cms | Acidcat | 3.5.1 (including) | 3.5.1 (including) |
| Acidcat_cms | Acidcat | 3.5.2 (including) | 3.5.2 (including) |