Описание
LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message.
Ссылки
- PatchVendor Advisory
- ExploitPatchVendor Advisory
- Vendor Advisory
- PatchVendor Advisory
- ExploitPatchVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:lifetype:lifetype:1.0.2:*:*:*:*:*:*:*
cpe:2.3:a:lifetype:lifetype:1.0.3:*:*:*:*:*:*:*
cpe:2.3:a:lifetype:lifetype:1.0.4:*:*:*:*:*:*:*
cpe:2.3:a:lifetype:lifetype:1.0.5:*:*:*:*:*:*:*
cpe:2.3:a:lifetype:lifetype:1.1.0:*:*:*:*:*:*:*
cpe:2.3:a:lifetype:lifetype:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:lifetype:lifetype:1.1.2:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00763
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message.
EPSS
Процентиль: 73%
0.00763
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other