exploitDog

CVE-2020-7959

Опубликовано: 17 фев. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database exception message if the database does not exist.

Ссылки

https://github.com/websecnl/LabVantage8.3-Exploit
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/48090
Exploit
Third Party Advisory
VDB Entry
https://github.com/websecnl/LabVantage8.3-Exploit
Exploit
Third Party Advisory
https://www.exploit-db.com/exploits/48090
Exploit
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:labvantage:labvantage:8.3:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00209

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-203

Связанные уязвимости

GHSA-p6hf-7wm2-3xg4

CVSS3: 5.3

github

больше 3 лет назад

LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database exception message if the database does not exist.

EPSS

Процентиль: 43%

0.00209

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-203