Vulnerability Name: | CVE-2010-0976 (CCN-55331) | ||||||||
Assigned: | 2010-01-03 | ||||||||
Published: | 2010-01-03 | ||||||||
Updated: | 2017-08-17 | ||||||||
Summary: | Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. Note: the final installation screen states "Important: you must now delete all files beginning with 'install' from the root directory." | ||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P) 7.1 High (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:U/RC:UR)
4.7 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:U/RC:UR)
| ||||||||
Vulnerability Type: | CWE-264 | ||||||||
Vulnerability Consequences: | Obtain Information | ||||||||
References: | Source: MITRE Type: CNA CVE-2010-0976 Source: MISC Type: Exploit http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt Source: CCN Type: Acidcat CMS Web site Acidcat ASP CMS Source: EXPLOIT-DB Type: UNKNOWN 10972 Source: CCN Type: OSVDB ID: 63077 Acidcat CMS install.asp Permission Weakness Installation Process Manipulation Source: XF Type: UNKNOWN acidcat-install-info-disclosure(55331) Source: XF Type: UNKNOWN acidcat-install-info-disclosure(55331) Source: EXPLOIT-DB Type: EXPLOIT Offensive Security Exploit Database [01-03-2010] | ||||||||
Vulnerable Configuration: | Configuration 1: Denotes that component is vulnerable | ||||||||
BACK |