CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
Confidence
Low
EPSS
Percentile
82.5%
All Club CMS (ACCMS) 0.0.2 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database configuration information, including credentials, via a direct request to accms.dat.
Vendor | Product | Version | CPE |
---|---|---|---|
paul_arbogast | accms | * | cpe:2.3:a:paul_arbogast:accms:*:*:*:*:*:*:*:* |
paul_arbogast | accms | 0.0.1a | cpe:2.3:a:paul_arbogast:accms:0.0.1a:*:*:*:*:*:*:* |
paul_arbogast | accms | 0.0.1c | cpe:2.3:a:paul_arbogast:accms:0.0.1c:*:*:*:*:*:*:* |
paul_arbogast | accms | 0.0.1d | cpe:2.3:a:paul_arbogast:accms:0.0.1d:*:*:*:*:*:*:* |
paul_arbogast | accms | 0.0.1e | cpe:2.3:a:paul_arbogast:accms:0.0.1e:*:*:*:*:*:*:* |
paul_arbogast | accms | 0.0.1f | cpe:2.3:a:paul_arbogast:accms:0.0.1f:*:*:*:*:*:*:* |
paul_arbogast | accms | 0.0.1g | cpe:2.3:a:paul_arbogast:accms:0.0.1g:*:*:*:*:*:*:* |
paul_arbogast | accms | 0.0.1h | cpe:2.3:a:paul_arbogast:accms:0.0.1h:*:*:*:*:*:*:* |