N/A

The "Make a backup" functionality in Content Management Made Easy (CMME) 1.12 stores sensitive information under the web root with insufficient access control, which allows remote attackers to discover (1) account names and (2) password hashes via a direct request for (a) backup/cmme_data.zip or (b) backup/cmme_cmme.zip. NOTE: it was later reported that vector a also affects CMME 1.19.

N/A

N/A

Content Management Made Easy信息泄露漏洞

Content Management Made Easy是一个开源的web管理系统。 Content Management Made Easy (CMME) 1.12版本中的"文件备份"功能在web根下储存敏感信息而未赋予足够的访问控制，这使得远程攻击者可以借助需要backup/cmme_data.zip或backup/cmme_cmme.zip的直接请求，发现账户名和密码信息。

N/A

N/A