CVE-2014-9702

Name of the Vulnerable Software and Affected Versions: Cmfive versions through 2015-03-15

Description: The issue allows remote attackers to obtain sensitive information, including usernames and passwords, via any request, such as a password reset request, when database connectivity malfunctions. This occurs due to a problem in the system/classes/DbPDO.php file.

Recommendations: For versions through 2015-03-15, as a temporary workaround, consider restricting access to the DbPDO.php file until a patch is available. Avoid using the system/classes/DbPDO.php file in requests that may lead to database connectivity malfunctions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.