kalyan02 NanoCMS Sensitive Data Exposure Vulnerability in User Information Handler
Vulnerability
A vulnerability in kalyan02 NanoCMS versions through 0.4 allows for unauthorized access to user data, including administrator information. This issue arises from inadequate access controls on the '/data/pagesdata.txt' file, which is part of the User Information Handler component. The vulnerability can be exploited remotely without authentication, leading to a direct request issue where sensitive data can be accessed publicly.
Impact
Exploitation of this vulnerability allows for direct access to sensitive user information stored in the 'pagesdata.txt' file, including administrative credentials.
Reproduction
The vulnerability can be reproduced by sending a direct request to the '/data/pagesdata.txt' file on the server. This can be done manually or through automated tools, as the exploit is publicly available.
Remediation
Users are advised to change the configuration settings to restrict access to the 'pagesdata.txt' file and implement proper access controls.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.