CVE-2010-5292
low
CVSS v3
-
CVSS v4
-
VIR risk
1.9
Description
Amberdms Billing System (ABS) before 1.4.1, when a multi-instance installation is configured, might allow local users to obtain sensitive information by reading the cache in between runs of the include/cron/services_usage.php cron job.
Predictions
Exploit likelihood
20%
Patch ETA
-
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| amberdms | amberdms_billing_system | <= 1.4.0 | |
| amberdms | amberdms_billing_system | 1.0.0 | |
| amberdms | amberdms_billing_system | 1.1.0 | |
| amberdms | amberdms_billing_system | 1.2.0 | |
| amberdms | amberdms_billing_system | 1.3.0 | |
References
- https://projects.jethrocarr.com/p/oss-amberdms-bs/source/tree/f23f1121bd137bf798c8d3f01d35fa297a285331/help/docs/RELEASE_NOTES
- https://raw.github.com/jethrocarr/amberdms-bs/master/help/docs/CHANGELOG
CWEs
CWE-200