PT-2008-3513 · Acidcat · Acidcat Cms
Publicado
2008-04-27
·
Atualizado
2018-10-11
·
CVE-2008-1992
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Acidcat CMS version 3.4.1
Description
The issue allows remote attackers to bypass access restrictions to certain files, specifically default mail aspemail.asp, default mail cdosys.asp, and default mail jmail.asp, enabling them to relay email messages with modified
From, FromName, and To fields.Recommendations
For Acidcat CMS version 3.4.1, restrict access to the vulnerable files default mail aspemail.asp, default mail cdosys.asp, and default mail jmail.asp to prevent email relay attacks.
Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Acidcat Cms