CVE-2010-0976 - OpenCVE

Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states "Important: you must now delete all files beginning with 'install' from the root directory."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Acidcat	Acidcat Cms

Configuration 1 [-]

OR	cpe:2.3:a:acidcat:acidcat_cms:3.5.0:::::::*
	cpe:2.3:a:acidcat:acidcat_cms:3.5.1:::::::*
	cpe:2.3:a:acidcat:acidcat_cms:3.5.2:::::::*
	cpe:2.3:a:acidcat:acidcat_cms:3.5.3:::::::*

No data.

References

Link	Providers
http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt
http://www.exploit-db.com/exploits/10972
https://exchange.xforce.ibmcloud.com/vulnerabilities/55331

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2010-03-16T19:00:00

Updated: 2024-08-07T01:06:52.568Z

Reserved: 2010-03-16T00:00:00

Link: CVE-2010-0976

Vulnrichment

No data.

NVD

Status : Modified

Published: 2010-03-16T19:30:00.493

Modified: 2017-08-17T01:32:12.040

Link: CVE-2010-0976

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2010-01-03T00:00:00", "descriptions": [{"lang": "en", "value": "Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states \"Important: you must now delete all files beginning with 'install' from the root directory.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-16T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "acidcat-install-info-disclosure(55331)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55331"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt"}, {"name": "10972", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "http://www.exploit-db.com/exploits/10972"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2010-0976", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states \"Important: you must now delete all files beginning with 'install' from the root directory.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "acidcat-install-info-disclosure(55331)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55331"}, {"name": "http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt"}, {"name": "10972", "refsource": "EXPLOIT-DB", "url": "http://www.exploit-db.com/exploits/10972"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T01:06:52.568Z"}, "title": "CVE Program Container", "references": [{"name": "acidcat-install-info-disclosure(55331)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55331"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt"}, {"name": "10972", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "http://www.exploit-db.com/exploits/10972"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2010-0976", "datePublished": "2010-03-16T19:00:00", "dateReserved": "2010-03-16T00:00:00", "dateUpdated": "2024-08-07T01:06:52.568Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:acidcat:acidcat_cms:3.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "64D1AC55-4A21-44E9-AAB3-360F795DBCF3", "vulnerable": true}, {"criteria": "cpe:2.3:a:acidcat:acidcat_cms:3.5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E1F5328F-D230-4CD9-AAAA-DBE924ED91EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:acidcat:acidcat_cms:3.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "257D0C22-7893-489C-85F3-586D55265759", "vulnerable": true}, {"criteria": "cpe:2.3:a:acidcat:acidcat_cms:3.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "9AAE4867-ED75-46B8-8E17-66527D753110", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states \"Important: you must now delete all files beginning with 'install' from the root directory.\""}, {"lang": "es", "value": "Acidcat CMS v3.5.x no previene el acceso a install.asp despu\u00e9s de finalizada la instalaci\u00f3n, lo que puede permitir a atacantes remotos retomar el proceso de instalaci\u00f3n y producir otro impactos no especificados a trav\u00e9s de peticiones a install.asp y otros c\u00f3digos en install_*.asp. NOTA: La pantalla final de la instalaci\u00f3n \"Importante: Debe borrar todos los archivos iniciales con 'install' desde el directorio root\"."}], "id": "CVE-2010-0976", "lastModified": "2017-08-17T01:32:12.040", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2010-03-16T19:30:00.493", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt"}, {"source": "cve@mitre.org", "url": "http://www.exploit-db.com/exploits/10972"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/55331"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-264"}], "source": "nvd@nist.gov", "type": "Primary"}]}