Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

MCL-Net 4.3.5.8788 Information Disclosure

🗓️ 27 Jun 2023 00:00:00Reported by Victor A. MoralesType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 264 Views

MCL-Net 4.3.5.8788 Information Disclosure on Default Port 508

Related
Code
ReporterTitlePublishedViews
Family
0day.today		MCL-Net 4.3.5.8788 - Information Disclosure Vulnerability
26 Jun 202300:00
zdt
ATTACKERKB		CVE-2023-34834
29 Jun 202303:15
attackerkb
CNNVD		MCL-Net 安全漏洞
23 Jun 202300:00
cnnvd
CVE		CVE-2023-34834
29 Jun 202300:00
cve
Cvelist		CVE-2023-34834
29 Jun 202300:00
cvelist
Exploit DB		MCL-Net 4.3.5.8788 - Information Disclosure
23 Jun 202300:00
exploitdb
EUVD		EUVD-2023-38875
3 Oct 202520:07
euvd
NVD		CVE-2023-34834
29 Jun 202303:15
nvd
OSV		CVE-2023-34834
29 Jun 202303:15
osv
Prion		Directory traversal
29 Jun 202303:15
prion
Rows per page
`# Exploit Title: MCL-Net 4.3.5.8788 - Information Disclosure  
# Date: 5/31/2023  
# Exploit Author: Victor A. Morales, GM Sectec Inc.  
# Vendor Homepage: https://www.mcl-mobilityplatform.com/net.php  
# Version: 4.3.5.8788 (other versions may be affected)  
# Tested on: Microsoft Windows 10 Pro  
# CVE: CVE-2023-34834  
  
Description:  
Directory browsing vulnerability in MCL-Net version 4.3.5.8788 webserver running on default port 5080, allows attackers to gain sensitive information about the configured databases via the "/file" endpoint.  
  
Steps to reproduce:  
1. Navigate to the webserver on default port 5080, where "Index of Services" will disclose directories, including the "/file" directory.   
2. Browse to the "/file" directory and database entry folders configured  
3. The "AdoInfo.txt" file will contain the database connection strings in plaintext for the configured database. Other files containing database information are also available inside the directory.  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
27 Jun 2023 00:00Current
7.1High risk
Vulners AI Score7.1
EPSS0.03298
exploitdirectory browsingwebservervulnerabilitydatabaseconnection stringsplaintextmicrosoft windows 10 procve-2023-34834
264