PT-2012-4351 · Artiphp · Artiphp Cms

Gjoko Krstic

Published

2012-05-21

Updated

2017-08-29

CVE-2012-2905

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Artiphp CMS version 5.5.0 Neo (r422)

Description The issue allows remote attackers to obtain sensitive information via a direct request due to the storage of database backups with predictable names under the web root and insufficient access control.

Recommendations For Artiphp CMS version 5.5.0 Neo (r422), consider restricting access to the database backup files to minimize the risk of exploitation. As a temporary workaround, move the database backups outside of the web root directory to prevent direct access. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

CVE-2012-2905

Affected Products

Artiphp Cms

PT-2012-4351 · Artiphp · Artiphp Cms

CVE-2012-2905

Weakness Enumeration

Related Identifiers

Affected Products

References · 8