Description
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database information from the /database_backup/ directory.
References
- Product
- Product
- Exploit, Third Party Advisory, VDB Entry
- Third Party Advisory
Vulnerable configurations
Configuration 1
cpe:2.3:a:inextrix:astpp:4.0.1:*:*:*:*:*:*:*
EPSS
Percentile: 43%
0.00565
Low
7.5 High
CVSS3
Weaknesses
CWE-538
Related vulnerabilities
CVSS3: 7.5
github
5 months ago
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database information from the /database_backup/ directory.