LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database exception message if the database does not exist.
References
Link | Resource |
---|---|
https://github.com/websecnl/LabVantage8.3-Exploit | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/48090 | Exploit Third Party Advisory VDB Entry |
https://github.com/websecnl/LabVantage8.3-Exploit | Exploit Third Party Advisory |
https://www.exploit-db.com/exploits/48090 | Exploit Third Party Advisory VDB Entry |
Configurations
History
21 Nov 2024, 05:38
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/websecnl/LabVantage8.3-Exploit - Exploit, Third Party Advisory | |
References | () https://www.exploit-db.com/exploits/48090 - Exploit, Third Party Advisory, VDB Entry |
Information
Published : 2020-02-17 21:15
Updated : 2024-11-21 05:38
NVD link : CVE-2020-7959
Mitre link : CVE-2020-7959
CVE.ORG link : CVE-2020-7959
JSON object : View
Products Affected
labvantage
- labvantage
CWE
CWE-203
Observable Discrepancy