CVE-2010-0984

Acidcat CMS <3.5.3 - Info Disclosure

Title source: llm
STIX 2.1

Description

Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb.

Exploits (1)

exploitdb WRITEUP VERIFIED
by LionTurk · textwebappsasp
https://www.exploit-db.com/exploits/10972

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/55329
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/61436
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/38084
Exploit exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/10972

Scores

EPSS 0.0657
EPSS Percentile 91.2%

Details

CWE
CWE-264
Status published
Products (11)
acidcat/acidcat_cms 2.1.11
acidcat/acidcat_cms 2.1.12
acidcat/acidcat_cms 2.1.13
acidcat/acidcat_cms 3.3.5
acidcat/acidcat_cms 3.4.0
acidcat/acidcat_cms 3.4.1
acidcat/acidcat_cms 3.4.2
acidcat/acidcat_cms 3.5.0
acidcat/acidcat_cms 3.5.1
acidcat/acidcat_cms 3.5.2
... and 1 more
Published Mar 16, 2010
Tracked Since Feb 18, 2026