CVE-2014-8701

Name of the Vulnerable Software and Affected Versions Wonder CMS version 2014

Description The issue allows remote attackers to obtain sensitive information by viewing the /files/password API endpoint, which reveals the unsalted MD5 hashed password.

Recommendations For Wonder CMS version 2014, consider restricting access to the /files/password endpoint to minimize the risk of exploitation. As a temporary workaround, avoid storing sensitive information in this location until a more secure method is implemented. At the moment, there is no information about a newer version that contains a fix for this vulnerability.