Description
The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip. NOTE: it was later reported that vector a also affects CMME 1.19.
Exploits (1)
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/44684
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/31599
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/30854
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/4220
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/6313
Scores
EPSS
0.0599
EPSS Percentile
90.7%
Details
CWE
CWE-264
Status
published
Products (1)
hans_oesterholt/cmme
1.12
Published
Sep 04, 2008
Tracked Since
Feb 18, 2026