SECURITYVULNS:DOC:20654
Oct 06, 2008 - 12:00 a.m.

CMME Multiple Information disclosure vulnerabilities


########################## WwW.BugReport.ir ###########################################

AmnPardaz Security Research & Penetration Testing Group

Title: CMME Multiple Information disclosure vulnerabilities

Vendor: http://cmme.oesterholt.net

Bug: Information Disclosure

Vulnerable Version: 1.19 (prior versions also may be affected)

Exploitation: Remote with browser

Exploit: Available

Fix Available: No!

Original Advisory: http://www.bugreport.ir/index_55.htm

###################################################################################

####################
- Description:
####################

Quote from vendor: CMME means "Content Management Made Easy". It is a
web content management system that is easy to use, doesn't have a lot
of requirements and allows for reasonable flexibility.

####################
- Vulnerability:
####################

There are multiple vulnerabilities in CMME, which can be exploited by
malicious people to disclose potentially sensitive information.
These can be exploited to read the contents of data files on the
server via a specially crafted URL, without requiring a valid login.

+--> Users Information Disclosure (Including MD5 Hashes)

POC: http://example.com/cmme/data/admin/users

+--> Server Information (phpinfo)

POC: http://example.com/cmme/info.php

+--> The Last generated server backup

POC: http://example.com/cmme/backup/cmme_data.zip

####################
- Solution:
####################

Restrict access to these resources, granting it only to trusted users.

####################
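
One way to review web server access logs for requests to the three paths listed under Vulnerability, and to tell served content apart from blocked requests. This is an added example, not part of the original advisory or of CMME. It assumes Apache/NGINX combined log format; the function names and the sample log lines are constructed for illustration.

```python
import posixpath
import re
from urllib.parse import unquote, urlsplit

# Combined Log Format (assumed): ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) '
)

# Path suffixes taken from the three PoC URLs in the advisory.
SENSITIVE = {
    "/data/admin/users": "user records (MD5 hashes)",
    "/info.php": "phpinfo output",
    "/backup/cmme_data.zip": "last generated backup",
}

def normalise(target):
    """Drop the query string, decode %xx escapes, collapse './' and '//'."""
    return posixpath.normpath(unquote(urlsplit(target).path))

def find_exposures(lines):
    """Return one record per request for a sensitive CMME path.

    'served' is True when the status (200/206) shows content was returned,
    i.e. the resource was reachable with no access restriction in place.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format request line
        path = normalise(m["target"])
        for suffix, what in SENSITIVE.items():
            if path.endswith(suffix):
                hits.append({"ip": m["ip"], "time": m["time"], "path": path,
                             "what": what, "served": m["status"] in ("200", "206")})
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [06/Oct/2008:10:01:02 +0000] "GET /cmme/data/admin/users HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [06/Oct/2008:10:01:09 +0000] "GET /cmme/%69nfo.php?a=1 HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [06/Oct/2008:10:02:00 +0000] "GET /cmme/./backup//cmme_data.zip HTTP/1.1" 206 40960 "-" "Wget/1.11"',
    '198.51.100.9 - - [06/Oct/2008:10:03:00 +0000] "GET /cmme/index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_exposures(SAMPLE):
        print(hit)
```

A record with `served` set to True means the file was returned to the client, so the password hashes or backup contents involved should be treated as disclosed; a 403 or 404 on the same path indicates the restriction is working.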