exploitDog

GHSA-mr96-7qcv-9qcp

Опубликовано: 01 мая 2022

Источник: github

Github: Не прошло ревью

Описание

PDshopPro stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) /pdshoppro.mdb, (2) /data/pdshoppro.mdb, or (3) /shoppro/data/pdshoppro.mdb.

PDshopPro stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) /pdshoppro.mdb, (2) /data/pdshoppro.mdb, or (3) /shoppro/data/pdshoppro.mdb.

Ссылки

EPSS

Процентиль: 53%

0.00306

Низкий

CVE ID

Связанные уязвимости

CVE-2006-5197

nvd

больше 19 лет назад

PDshopPro stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) /pdshoppro.mdb, (2) /data/pdshoppro.mdb, or (3) /shoppro/data/pdshoppro.mdb.

EPSS

Процентиль: 53%

0.00306

Низкий

CVE ID