CVE-2008-3924

Name of the Vulnerable Software and Affected Versions Content Management Made Easy (CMME) versions 1.12 through 1.19

Description The issue concerns the "Make a backup" functionality, which stores sensitive information under the web root with insufficient access control. This allows remote attackers to discover account names and password hashes via a direct request for specific backup files, including "backup/cmme data.zip" and "backup/cmme cmme.zip".

Recommendations For CMME versions 1.12 through 1.19, consider restricting access to the backup files "backup/cmme data.zip" and "backup/cmme cmme.zip" to minimize the risk of exploitation. As a temporary workaround, limit access to the "Make a backup" functionality until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.