Digitaldesign CMS 0.1 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for autoconfig.dd.

Threat-Mapped Scoring

Score: 3.0

Priority: P2 - Serious (High)

• S1 – Steal Customer Account Information

EPSS

Score: 0.05261
Percentile: 0.89551

CVSS Scoring

Mapped CWE(s)

• CWE-552 : Files or Directories Accessible to External Parties

All CAPEC(s)

CAPEC(s) with Mapped TTPs

Mapped ATT&CK TTPs

• T1003 : OS Credential Dumping
  Kill Chain: credential-access
• T1119 : Automated Collection
  Kill Chain: collection
• T1213 : Data from Information Repositories
  Kill Chain: collection
• T1530 : Data from Cloud Storage
  Kill Chain: collection
• T1555 : Credentials from Password Stores
  Kill Chain: credential-access
• T1602 : Data from Configuration Repository
  Kill Chain: collection
• T1039 : Data from Network Shared Drive
  Kill Chain: collection
• T1552.001 : Credentials In Files
  Kill Chain: credential-access
• T1552.003 : Bash History
  Kill Chain: credential-access
• T1552.004 : Private Keys
  Kill Chain: credential-access
• T1552.006 : Group Policy Preferences
  Kill Chain: credential-access

Malware

APTs Threat Group Associations

Campaigns

Affected Products

• cpe:2.3:a:digitaldesign_cms_project:digitaldesign_cms:0.1:*:*:*:*:*:*:*

← Back to Home