Vulnerability Description
Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backup/ URI.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chicomas | Chicomas | <= 2.0.4 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/30080 (Vendor Advisory)
- http://securityreason.com/securityalert/4872
- http://www.bugreport.ir/index_59.htm (Exploit)
- http://www.securityfocus.com/archive/1/499458/100/0/threaded
- https://www.exploit-db.com/exploits/7532
FAQ
What is CVE-2008-5853?
CVE-2008-5853 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database...
How severe is CVE-2008-5853?
CVE-2008-5853 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2008-5853?
Check the references section above for vendor advisories and patch information. Affected products include: Chicomas Chicomas.