DigiLIBE 3.4 and possibly other versions sends a redirect but does not exit, which allows remote attackers to obtain sensitive configuration information via a direct request to configuration/general_configuration.html.
References
Link | Resource |
---|---|
http://archives.neohapsis.com/archives/bugtraq/2013-01/0095.html | Exploit |
Configurations
History
No history.
Information
Published : 2013-02-14 22:55
Updated : 2024-02-28 12:00
NVD link : CVE-2013-1402
Mitre link : CVE-2013-1402
CVE.ORG link : CVE-2013-1402
JSON object : View
Products Affected
digitiliti
- digilibe
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor