Описание
STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:stphp:easynews:4.0:*:pro:*:*:*:*:*
EPSS
Процентиль: 92%
0.08396
Низкий
7.8 High
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt.
EPSS
Процентиль: 92%
0.08396
Низкий
7.8 High
CVSS2
Дефекты
NVD-CWE-Other