exploitDog

CVE-2015-3881

Опубликовано: 17 мар. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml.

Ссылки

http://rossmarks.uk/portfolio.php
Third Party Advisory
http://rossmarks.uk/whitepapers/qdPM_8.3.txt
Exploit
Third Party Advisory
http://rossmarks.uk/portfolio.php
Third Party Advisory
http://rossmarks.uk/whitepapers/qdPM_8.3.txt
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:qdpm:qdpm:8.3:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00337

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-g2c8-c2j8-3vp6

CVSS3: 7.5

github

больше 3 лет назад

Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml.

EPSS

Процентиль: 56%

0.00337

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200