CVE-2010-0984

Name of the Vulnerable Software and Affected Versions Acidcat CMS versions 3.5.3 and earlier

Description The issue allows remote attackers to download a database containing credentials due to insufficient access control. This is possible because sensitive information is stored under the web root, enabling attackers to access it via a direct request for databases/acidcat 3.mdb.

Recommendations For Acidcat CMS versions 3.5.3 and earlier, consider restricting access to the databases directory to prevent unauthorized downloads of sensitive information. As a temporary workaround, move sensitive databases outside of the web root until a more permanent solution is available.