CVE-2010-1066

AR Web Content Manager (AWCM) 2.1 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1066. PoCs published by alnjm33.

AI-analyzed exploit summary This is a writeup describing an information leak vulnerability in AWCM 2.1, where accessing a specific path allows unauthorized database backup downloads. No exploit code is provided, only instructions.

Description

AR Web Content Manager (AWCM) 2.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for control/db_backup.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by alnjm33 · textwebappsphp

https://www.exploit-db.com/exploits/11025

View Code ZIP pw:eip

This is a writeup describing an information leak vulnerability in AWCM 2.1, where accessing a specific path allows unauthorized database backup downloads. No exploit code is provided, only instructions.

Classification

Writeup 80%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: AWCM version 2.1

No auth needed

Prerequisites: knowledge of the target path

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4

Core References

Exploit exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/11025

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/38065

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/55445

Exploit x_refsource_misc

http://packetstormsecurity.org/1001-exploits/awcm-backup.txt

Scores

EPSS 0.0246

EPSS Percentile 82.3%

Details

CWE

CWE-264

Status published

Products (1)

the-ghost/ar_web_content_manager 2.1

Published Mar 23, 2010

Tracked Since Feb 18, 2026