Vulnerabilities > CVE-2013-2562 - Credentials Management vulnerability in Mambo-Foundation Mambo CMS 4.6.5

CVSS 2.1 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

local

low complexity

mambo-foundation

CWE-255

NVD

Published: 2014-06-09

Updated: 2014-06-24

Summary

Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors.

Vulnerable Configurations

Part	Description	Count
Application	Mambo-Foundation Mambo Foundation Mambo CMS 4.6.5	1

Common Weakness Enumeration (CWE)

CWE-255 - Credentials Management

References

http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt
http://seclists.org/oss-sec/2013/q1/689
http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html