Hadi999/CVE-2023-27180.txt

## CVE-2023-27180.txt
> [Suggested description]
> GDidees CMS v3.9.1 was discovered to contain a source code disclosure
> vulnerability by the backup feature which is accessible via
> /_admin/backup.php.
>
> ------------------------------------------
>
> [Vulnerability Type]
> Incorrect Access Control
>
> ------------------------------------------
>
> [Vendor of Product]
> GDidees
>
> ------------------------------------------
>
> [Affected Product Code Base]
> GDidees CMS - 3.9.1 and lower versions
>
> ------------------------------------------
>
> [Affected Component]
> the affected file is : {webroot}/_admin/backup.php
> the backup archives are stored at : {webroot}/_db-backups
>
> ------------------------------------------
>
> [Attack Type]
> Remote
>
> ------------------------------------------
>
> [Impact Information Disclosure]
> true
>
> ------------------------------------------
>
> [Attack Vectors]
> An attacker could visit {URL}/_admin/backup.php in order to generate an zipped backup file of web root then go to {URL}/_db-backups/ and download the archive containing all the source code of the GDidees installation including database credentials and private files.
> The archive may also contain other applications outside GDidees such as virtual hosts.
>
> ------------------------------------------
>
> [Reference]
> https://www.gdidees.eu/cms-1-0.html
> https://github.com/chamilo/pclzip
>
> ------------------------------------------
>
> [Discoverer]
> Hadi Mene
	> [Suggested description]
	> GDidees CMS v3.9.1 was discovered to contain a source code disclosure
	> vulnerability by the backup feature which is accessible via
	> /_admin/backup.php.
	>
	> ------------------------------------------
	>
	> [Vulnerability Type]
	> Incorrect Access Control
	>
	> ------------------------------------------
	>
	> [Vendor of Product]
	> GDidees
	>
	> ------------------------------------------
	>
	> [Affected Product Code Base]
	> GDidees CMS - 3.9.1 and lower versions
	>
	> ------------------------------------------
	>
	> [Affected Component]
	> the affected file is : {webroot}/_admin/backup.php
	> the backup archives are stored at : {webroot}/_db-backups
	>
	> ------------------------------------------
	>
	> [Attack Type]
	> Remote
	>
	> ------------------------------------------
	>
	> [Impact Information Disclosure]
	> true
	>
	> ------------------------------------------
	>
	> [Attack Vectors]
	> An attacker could visit {URL}/_admin/backup.php in order to generate an zipped backup file of web root then go to {URL}/_db-backups/ and download the archive containing all the source code of the GDidees installation including database credentials and private files.
	> The archive may also contain other applications outside GDidees such as virtual hosts.
	>
	> ------------------------------------------
	>
	> [Reference]
	> https://www.gdidees.eu/cms-1-0.html
	> https://github.com/chamilo/pclzip
	>
	> ------------------------------------------
	>
	> [Discoverer]
	> Hadi Mene