exploitDog

CVE-2023-23327

Опубликовано: 10 мар. 2023

Источник: nvd

CVSS3: 4.9

EPSS Низкий

Описание

An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls.

Ссылки

http://avantfax.com
Product
https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md
Exploit
Third Party Advisory
http://avantfax.com
Product
https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md
Exploit
Third Party Advisory
https://github.com/superkojiman/vulnerabilities/blob/master/AvantFAX-3.3.7/README.md
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:avantfax:avantfax:3.3.7:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.0015

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-200

CWE-200

Связанные уязвимости

GHSA-485r-459v-j5pq

CVSS3: 4.9

github

почти 3 года назад

An Information Disclosure vulnerability exists in AvantFAX 3.3.7. Backups of the AvantFAX sent/received faxes, and database backups are stored using the current date as the filename and hosted on the web server without access controls.

EPSS

Процентиль: 36%

0.0015

Низкий

4.9 Medium

CVSS3

Дефекты

CWE-200

CWE-200