CVE-2008-5853

Chilek Content Management System <2.0.4 - Info Disclosure

Title source: llm

Description

Chilek Content Management System (aka ChiCoMaS) 2.0.4 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) obtain database credentials via a direct request for config.inc or (2) read database backups via a request for a backup/ URI.

Exploits (1)

exploitdb WRITEUP VERIFIED

by BugReport.IR · textwebappsphp

https://www.exploit-db.com/exploits/7532

View Code ZIP pw:eip

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/499458/100/0/threaded

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/7532

Exploit x_refsource_misc

http://www.bugreport.ir/index_59.htm

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/4872

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30080

Scores

EPSS 0.0618

EPSS Percentile 90.9%

Details

CWE

CWE-264

Status published

Products (2)

chicomas/chicomas 2.0.3

chicomas/chicomas < 2.0.4

Published Jan 06, 2009

Tracked Since Feb 18, 2026