Vulnerability Details : CVE-2010-0976
Potential exploit
Acidcat CMS 3.5.x does not prevent access to install.asp after installation finishes, which might allow remote attackers to restart the installation process and have unspecified other impact via requests to install.asp and other install_*.asp scripts. NOTE: the final installation screen states "Important: you must now delete all files beginning with 'install' from the root directory."
Products affected by CVE-2010-0976
- cpe:2.3:a:acidcat:acidcat_cms:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:acidcat:acidcat_cms:3.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:acidcat:acidcat_cms:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:acidcat:acidcat_cms:3.5.2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2010-0976
2.09%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 82 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2010-0976
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2010-0976
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2010-0976
-
http://www.exploit-db.com/exploits/10972
Acidcat CMS 3.5 - Multiple Vulnerabilities - ASP webapps Exploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/55331
Acidcat CMS install.asp information disclosure CVE-2010-0976 Vulnerability Report
-
http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt
Files ≈ Packet StormExploit
Jump to