Описание
monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.
Ссылки
- Vendor Advisory
- Exploit
- Vendor Advisory
- Exploit
Уязвимые конфигурации
Конфигурация 1Версия до 5.5.0 (включая)
Одно из
cpe:2.3:a:op5:monitor:*:*:*:*:*:*:*:*
cpe:2.3:a:op5:monitor:5.3.5:*:*:*:*:*:*:*
cpe:2.3:a:op5:monitor:5.4.0:*:*:*:*:*:*:*
cpe:2.3:a:op5:monitor:5.4.2:*:*:*:*:*:*:*
EPSS
Процентиль: 73%
0.00745
Низкий
4 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
почти 4 года назад
monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.
EPSS
Процентиль: 73%
0.00745
Низкий
4 Medium
CVSS2
Дефекты
CWE-200