PT-2009-2538 · Accms · All Club Cms

Staker

Published

2009-08-25

Updated

2017-09-29

CVE-2008-7069

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions All Club CMS (ACCMS) versions 0.0.2 and earlier

Description The issue allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat. This is due to sensitive information being stored under the web root with insufficient access control.

Recommendations For All Club CMS (ACCMS) versions 0.0.2 and earlier, consider restricting access to the accms.dat file until a proper fix is available. As a temporary workaround, moving sensitive information outside of the web root or implementing proper access controls can help mitigate the risk of exploitation.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2008-7069

Affected Products

All Club Cms

PT-2009-2538 · Accms · All Club Cms

CVE-2008-7069

Weakness Enumeration

Related Identifiers

Affected Products

References · 3