exploitDog

CVE-2018-19609

Опубликовано: 27 нояб. 2018

Источник: nvd

CVSS3: 6.5

CVSS2: 4

EPSS Низкий

Описание

ShowDoc 2.4.1 allows remote attackers to obtain sensitive information by navigating with a modified page_id, as demonstrated by reading note content, or discovering a username in the JSON data at a diff URL.

Ссылки

https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl
Exploit
Third Party Advisory
https://github.com/CCCCCrash/POCs/tree/master/Web/showdoc/IncorrectAccessControl
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:showdoc:showdoc:2.4.1:*:*:*:*:*:*:*

EPSS

Процентиль: 45%

0.00225

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-6xx7-cphv-pxgr

CVSS3: 6.5

github

больше 3 лет назад

Showdoc Forced Browsing

EPSS

Процентиль: 45%

0.00225

Низкий

6.5 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-200