Описание
PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:phpwebquest:phpwebquest:2.6:*:*:*:*:*:*:*
EPSS
Процентиль: 90%
0.05093
Низкий
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
почти 4 года назад
PHP Webquest 2.6 allows remote attackers to retrieve database credentials via a direct request to admin/backup_phpwebquest.php, which leaks the credentials in an error message if a call to /usr/bin/mysqldump fails. NOTE: this might only be an issue in limited environments.
EPSS
Процентиль: 90%
0.05093
Низкий
5 Medium
CVSS2
Дефекты
CWE-200