Описание
Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.
Ссылки
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:livetecs:timeline:2.81:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:2.91:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:2.94:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:3.8.1:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:4.2.1:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:4.3.1:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:4.9.1:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:5.2.1:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:6.0.1:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:6.2.1:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:6.2.3:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:6.2.4:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:6.2.6:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:6.2.7:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:6.2.71:*:*:*:*:*:*:*
cpe:2.3:a:livetecs:timeline:7.1.1:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.00585
Низкий
7.5 High
CVSS2
Дефекты
CWE-264
Связанные уязвимости
github
больше 3 лет назад
Livetecs Timelive before 6.2.8 does not properly restrict access to systemsetting.aspx, which allows remote attackers to change configurations and obtain the database connection string and credentials via unspecified vectors.
EPSS
Процентиль: 69%
0.00585
Низкий
7.5 High
CVSS2
Дефекты
CWE-264