Lucene search
K

7 matches found

NVD
NVD
added 2008/09/04 6:41 p.m.14 views

CVE-2008-3924

The "Make a backup" functionality in Content Management Made Easy CMME 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover 1 account names and 2 password hashes via a direct request for a backup/cmmedata.zip or b...

4.3CVSS6.5AI score0.02253EPSS
Exploits0References5
Prion
Prion
added 2008/09/04 6:41 p.m.11 views

Improper access control

The "Make a backup" functionality in Content Management Made Easy CMME 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover 1 account names and 2 password hashes via a direct request for a backup/cmmedata.zip or b...

4.3CVSS7AI score0.02253EPSS
Exploits0References5Affected Software1
Prion
Prion
added 2008/09/04 6:41 p.m.24 views

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in admin.php in Content Management Made Easy CMME 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action...

4.3CVSS7.4AI score0.01111EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2008/09/04 6:41 p.m.23 views

CVE-2008-3925

Cross-site request forgery CSRF vulnerability in admin.php in Content Management Made Easy CMME 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action...

4.3CVSS6.8AI score0.01111EPSS
Exploits0References3
CVE
CVE
added 2008/09/04 6:0 p.m.43 views

CVE-2008-3924

Content Management Made Easy (CMME) 1.12 exposes sensitive data under the web root via its Make a backup feature, allowing remote attackers to directly request backup/cmme_data.zip or backup/cmme_cmme.zip to discover account names and password hashes. Vector a reportedly also affects CMME 1.19. T...

4.3CVSS6.5AI score0.02253EPSS
Exploits0References5Affected Software1
CVE
CVE
added 2008/09/04 6:0 p.m.44 views

CVE-2008-3926

CVE-2008-3926 affects Content Management Made Easy (CMME) 1.12. Two directory traversal flaws allow remote attackers to exploit the env parameter in the weblog action to index.php (read arbitrary files) or in the login action to admin.php (create arbitrary directories). The underlying issue is im...

5.8CVSS6.9AI score0.02302EPSS
Exploits1References6Affected Software1
Packet Storm
Packet Storm
added 2008/08/27 12:0 a.m.21 views

cmme-lfixsscsrf.txt

CMME 1.12 LFI/XSS/CSRF/Download Backup/MkDir Multiple Remote Vulnerabilities + Discovered By SirGod + www.mortal-team.org + Greetz : E.M.I.N.E.M,Ras,Puscasmarin,ToxicBlood,MesSiAH,xZu,HrN,kemrayz + Local File Inclusion Note : magicquotesgpc must be off. Example :...

7.4AI score
Exploits0
Rows per page
Query Builder