cbcvebase.
CVE-2006-5381
published 2006-10-18

CVE-2006-5381: Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other…

PriorityP427medium5CVSS 2.0
AVNACLAuNCPINAN
EPSS
1.12%
62.0th percentile
Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysqli.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, (7) db_pgsql.inc, or (8) db_sybase.inc in the conlib/ directory.

Affected

3 ranges
VendorProductVersion rangeFixed in
contenidocontendio
contenidocontendio
contenidocontendio
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.