CVE-2012-5892

Name of the Vulnerable Software and Affected Versions Havalite CMS versions 1.1.0 and earlier

Description The issue allows remote attackers to download the configuration database due to insufficient access control. This is because sensitive information is stored under the web root, making it accessible via a direct request for data/havalite.db3.

Recommendations For Havalite CMS versions 1.1.0 and earlier, consider restricting access to the data/havalite.db3 file until a proper fix is available. As a temporary workaround, moving sensitive information outside of the web root or implementing proper access controls can help mitigate the risk of exploitation.