CVE-2009-1460

Name of the Vulnerable Software and Affected Versions razorCMS versions prior to 0.4

Description The issue concerns weak permissions in certain files and directories. Specifically, it affects the admin/core/admin config.php file, allowing local users to obtain sensitive information such as the administrator's password hash and FTP user credentials. Additionally, weak permissions in the root directory, datastore/, and admin/core/ directories may have an unspecified impact.

Recommendations For versions prior to 0.4, update to version 0.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the sensitive files and directories, such as admin/core/admin config.php, the root directory, datastore/, and admin/core/, to minimize the risk of exploitation.