CVE-2009-1460

Severity

46%

Complexity

39%

Confidentiality

106%

razorCMS before 0.4 uses weak permissions for (1) admin/core/admin_config.php, which allows local users to obtain the administrator's password hash and FTP user credentials; and (2) the root directory, (3) datastore/, and (4) admin/core/, which allows local users to have an unspecified impact.

razorCMS before 0.4 uses weak permissions for (1) admin/core/admin_config.php, which allows local users to obtain the administrator's password hash and FTP user credentials; and (2) the root directory, (3) datastore/, and (4) admin/core/, which allows local users to have an unspecified impact.

CVSS 2.0 Base Score 4.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:P).

Overview

Type

razorCMS

First reported 15 years ago

2009-04-28 16:30:00

Last updated 7 years ago

2017-08-17 01:30:00

Affected Software

razorCMS 0.2

0.2

razorCMS 0.3 release candidate 2

0.3

References

20090416 razorCMS - Multiple Vulnerabilities

20090416 [follow-up] razorCMS - Multiple Vulnerabilities

53777

http://razorcms.co.uk/support/viewtopic.php?f=13&t=325

Vendor Advisory

34744

Vendor Advisory

34566

Exploit

razorcms-adminconfig-info-disclosure(49946)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.