4 matches found
Information Disclosure
microsoft/microsoft-graph is vulnerable to Information Disclosure. The vulnerability exists in the phpinfo function of GetPhpInfo.php, allowing an attacker to access unauthorized system information such as configuration details, modules, and environment variables. This vulnerability is only...
CVE-2023-49283
The CVE-2023-49283 issue affects the Microsoft Graph Core PHP SDK (vendor/microsoft/microsoft-graph-core) where test code in GetPhpInfo.php calls phpinfo(), enabling information disclosure if the server misconfigures access to the vendor directory. Affected: Microsoft Graph Core PHP SDK prior to ...
ownCloud graphapi Information Disclosure Vulnerability
ownCloud graphapi contains an information disclosure vulnerability that can reveal sensitive data stored in phpinfo via GetPhpInfo.php, including administrative credentials...
PT-2023-7082
Name of the Vulnerable Software and Affected Versions ownCloud owncloud/graphapi versions 0.2.x through 0.2.0 and versions 0.3.x through 0.3.0 Description The issue is related to the graphapi app in ownCloud, which relies on a third-party GetPhpInfo.php library. This library provides a URL that,...