Описание
PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file.
Ссылки
- Exploit
- ExploitURL Repurposed
- Exploit
- ExploitURL Repurposed
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:bugada_andrea:php_advanced_transfer_manager:1.00:*:*:*:*:*:*:*
cpe:2.3:a:bugada_andrea:php_advanced_transfer_manager:1.01:*:*:*:*:*:*:*
cpe:2.3:a:bugada_andrea:php_advanced_transfer_manager:1.02:*:*:*:*:*:*:*
cpe:2.3:a:bugada_andrea:php_advanced_transfer_manager:1.03:*:*:*:*:*:*:*
cpe:2.3:a:bugada_andrea:php_advanced_transfer_manager:1.20:*:*:*:*:*:*:*
cpe:2.3:a:bugada_andrea:php_advanced_transfer_manager:1.21:*:*:*:*:*:*:*
cpe:2.3:a:bugada_andrea:php_advanced_transfer_manager:1.22:*:*:*:*:*:*:*
cpe:2.3:a:bugada_andrea:php_advanced_transfer_manager:1.30:*:*:*:*:*:*:*
EPSS
Процентиль: 92%
0.08486
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for a users/[USERNAME] file.
EPSS
Процентиль: 92%
0.08486
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other