5 matches found
Anchor CMS 0.12.3 - Error Log Exposure
Anchor CMS 0.12.3 is susceptible to an error log exposure vulnerability due to an issue in config/error.php. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error such as "Too many connections" has occurred. id: CVE-2018-7251 info: name: Anchor CMS 0.12.3 ...
AnchorCMS 0.12.3a - Information Disclosure
AnchorCMS 0.12.3a - Information Disclosure Exploit Title: Information disclosure MySQL password in error log Date: 2/10/2019 Exploit Author: Tijme Gommers https://twitter.com/finnwea/ Vendor Homepage: https://anchorcms.com/ Software Link: https://github.com/anchorcms/anchor-cms/releases Version:...
AnchorCMS < 0.12.3a - Information Disclosure
Exploit Title: Information disclosure MySQL password in error log Date: 2/10/2019 Exploit Author: Tijme Gommers https://twitter.com/finnwea/ Vendor Homepage: https://anchorcms.com/ Software Link: https://github.com/anchorcms/anchor-cms/releases Version: 0.12.3a Tested on: Linux CVE : CVE-2018-725...
CVE-2018-7251
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error such as "Too many connections" has occurred...
CVE-2018-7251
Anchor CMS 0.12.3 is vulnerable due to an error in config/error.php that exposes an errors.log URI. The log can contain MySQL credentials when errors occur (e.g., Too many connections), enabling information disclosure. Affected component: error logging; impact: credential exposure. Remediation: u...