GCVE - cpe:2.3:a:acidcat:acidcat_cms:3.4.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:acidcat:acidcat_cms:3.4.1:*:*:*:*:*:*:*

part: a version: 3.4.1 update: *

Vendor	Acidcat (`6d0cc0d5-2f5a-5841-9d58-b7a9b1a4eb8c`)
Product	Acidcat Cms (`1deffc63-4f26-5151-8449-78b8d50a1618`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2010-0984`	vulnerable	2026-06-03 14:30:11.798384	Details available Acidcat CMS 3.5.3 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing credentials via a direct request for databases/acidcat_3.mdb. Published: 2010-03-16T19:00:00.000Z Updated: 2024-08-07T01:06:52.568Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/55329 http://osvdb.org/61436 http://packetstormsecurity.org/1001-exploits/acidcatcms-disclose.txt http://secunia.com/advisories/38084 http://www.exploit-db.com/exploits/10972	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1993`	vulnerable	2026-06-03 14:28:42.935581	Details available Acidcat CMS 3.4.1 does not restrict access to the FCKEditor component, which allows remote attackers to upload arbitrary files. Published: 2008-04-27T21:00:00.000Z Updated: 2024-08-07T08:41:00.219Z Open on db.gcve.eu Reference links http://bugreport.ir/index.php?/36 http://securityreason.com/securityalert/3842 http://www.securityfocus.com/archive/1/491129/100/0/threaded http://www.securityfocus.com/bid/28868 https://www.exploit-db.com/exploits/5478	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1992`	vulnerable	2026-06-03 14:28:42.935262	Details available Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mail_aspemail.asp, (2) default_mail_cdosys.asp or (3) default_mail_jmail.asp, which allows remote attackers to bypass restrictions and relay email messages with modified From, FromName, and To fields. Published: 2008-04-27T21:00:00.000Z Updated: 2024-08-07T08:41:00.252Z Open on db.gcve.eu Reference links http://bugreport.ir/index.php?/36 http://securityreason.com/securityalert/3842 http://secunia.com/advisories/29916 http://www.securityfocus.com/archive/1/491129/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/41921	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1991`	vulnerable	2026-06-03 14:28:42.934912	Details available Cross-site scripting (XSS) vulnerability in admin_colors_swatch.asp in Acidcat CMS 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the field parameter. Published: 2008-04-27T21:00:00.000Z Updated: 2024-08-07T08:41:00.217Z Open on db.gcve.eu Reference links http://bugreport.ir/index.php?/36 http://securityreason.com/securityalert/3842 http://secunia.com/advisories/29916 http://www.securityfocus.com/archive/1/491129/100/0/threaded http://www.securityfocus.com/bid/28868	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1990`	vulnerable	2026-06-03 14:28:42.934501	Details available Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_login2.asp. Published: 2008-04-27T21:00:00.000Z Updated: 2024-08-07T08:41:00.259Z Open on db.gcve.eu Reference links http://bugreport.ir/index.php?/36 http://securityreason.com/securityalert/3842 http://secunia.com/advisories/29916 http://www.securityfocus.com/archive/1/491129/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/41918	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.