CVE-2021-44315

Опубликовано: 16 дек. 2021

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server.

Ссылки

https://github.com/abhiunix/Bus-Pass-Management-System-v1.0/blob/master/Directory%20listing/Report_Directory%20listing.pdf
Exploit
Third Party Advisory
https://github.com/abhiunix/Bus-Pass-Management-System-v1.0/tree/master/Directory%20listing
Third Party Advisory
https://github.com/abhiunix/Bus-Pass-Management-System-v1.0/blob/master/Directory%20listing/Report_Directory%20listing.pdf
Exploit
Third Party Advisory
https://github.com/abhiunix/Bus-Pass-Management-System-v1.0/tree/master/Directory%20listing
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phpgurukul:bus_pass_management_system:1.0:*:*:*:*:*:*:*

EPSS

Процентиль: 52%

0.00291

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-552

Связанные уязвимости

GHSA-pmgm-pv8c-pw29