7 matches found
CVE-2008-3924
The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for a (a) backup/cmme_data.zip or (b)...
Improper access control
The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for a (a) backup/cmme_data.zip or (b)...
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action...
CVE-2008-3925
Cross-site request forgery (CSRF) vulnerability in admin.php in Content Management Made Easy (CMME) 1.12 allows remote attackers to trigger the logout of an administrative user via a logout action...
CVE-2008-3924
Content Management Made Easy (CMME) 1.12 exposes sensitive data under the web root via its "Make a backup" feature, allowing remote attackers to directly request (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip to discover account names and password hashes. Vector (a) reportedly also affects CMME 1.19. T...
CVE-2008-3926
CVE-2008-3926 affects Content Management Made Easy (CMME) 1.12. Two directory traversal flaws allow remote attackers to exploit the env parameter in the weblog action to index.php (read arbitrary files) or in the login action to admin.php (create arbitrary directories). The underlying issue is im...
cmme-lfixsscsrf.txt
CMME 1.12 LFI/XSS/CSRF/Download Backup/MkDir Multiple Remote Vulnerabilities + Discovered By SirGod + www.mortal-team.org + Greetz: E.M.I.N.E.M, Ras, Puscasmarin, ToxicBlood, MesSiAH, xZu, HrN, kemrayz + Local File Inclusion. Note: magic_quotes_gpc must be off. Example :...