CVE-2013-2563
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
2
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.
Mambo CMS 4.6.5 utiliza permisos de lectura universal en configuration.php, lo que permite a usuarios locales obtener el hash de contraseña de administración mediante la lectura del fichero.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2013-03-13 CVE Reserved
- 2014-06-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- 2024-08-06 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-264: Permissions, Privileges, and Access Controls
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://seclists.org/oss-sec/2013/q1/689 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| http://packetstormsecurity.com/files/108462/mambocms465-permdosdisclose.txt | 2024-08-06 | |
| http://www.vapid.dhs.org/advisories/mambo_cms_4.6.5.html | 2024-08-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mambo-foundation Search vendor "Mambo-foundation" | Mambo Cms Search vendor "Mambo-foundation" for product "Mambo Cms" | 4.6.5 Search vendor "Mambo-foundation" for product "Mambo Cms" and version "4.6.5" | - |
Affected
| ||||||