CVE-2010-0976

Acidcat CMS 3.5.x - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-0976. PoCs published by LionTurk.

AI-analyzed exploit summary This is a technical writeup describing multiple vulnerabilities in Acidcat CMS v3.5, including exposed database files and an install script. It provides paths to sensitive files but does not include functional exploit code.

Description

Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states "Important: you must now delete all files beginning with 'install' from the root directory."

Exploits (1)

exploitdb WRITEUP VERIFIED
by LionTurk · textwebappsasp
https://www.exploit-db.com/exploits/10972

This is a technical writeup describing multiple vulnerabilities in Acidcat CMS v3.5, including exposed database files and an install script. It provides paths to sensitive files but does not include functional exploit code.

Classification
Writeup 80%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Reliable
Target: Acidcat CMS v3.5
No auth needed
Prerequisites: Access to the target web server
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55331
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/10972

Scores

EPSS 0.0229
EPSS Percentile 80.9%

Details

CWE
CWE-264
Status published
Products (4)
acidcat/acidcat_cms 3.5.0
acidcat/acidcat_cms 3.5.1
acidcat/acidcat_cms 3.5.2
acidcat/acidcat_cms 3.5.3
Published Mar 16, 2010
Tracked Since Feb 18, 2026