CVE-2008-5853

EUVD-2008-5823
Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backup/ URI.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
Affected Products (NVD)
VendorProductVersion
chicomaschicomas
𝑥
≤ 2.0.4
chicomaschicomas
2.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/30080
http://securityreason.com/securityalert/4872
http://www.bugreport.ir/index_59.htm
http://www.securityfocus.com/archive/1/499458/100/0/threaded
https://www.exploit-db.com/exploits/7532
http://secunia.com/advisories/30080
http://securityreason.com/securityalert/4872
http://www.bugreport.ir/index_59.htm
http://www.securityfocus.com/archive/1/499458/100/0/threaded
https://www.exploit-db.com/exploits/7532