
272 matches found

Tenable Nessus
added 2023/02/08 12:0 a.m., 39 views

SQL Statement Disclosure

Web applications usually rely on backend database servers to store persistent information such as users, sessions or, for example, the products of an e-commerce website. In some cases, these web applications may fail to properly handle potential errors raised when querying the database, displaying raw...

7.4 AI score
Exploits: 0, References: 2

Tenable Nessus
added 2023/02/08 12:0 a.m., 12 views

Rails Development Mode Enabled

The Ruby on Rails (RoR) web framework uses three environments by default: test, development and production. When running in development mode, the application will render diagnostic pages and expose all the routes available, leaking internal information about the application. In some cases, the...

7.1 AI score
Exploits: 0, References: 3

Tenable Nessus
added 2023/02/08 12:0 a.m., 158 views

Password Submitted Using GET Method

The scanner was able to detect that the application uses the HTTP GET method to transmit a password. The information in a URL can be stored in various places (web server, proxy, ...) and can be transmitted to a third party via the Referer header, which also increases the chances of interception by a...

6.7 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2023/02/08 12:0 a.m., 10 views

Signup Form Detected

This is an informational notice that the scanner identified a potential signup form. No source data...

7.3 AI score
Exploits: 0

Tenable Nessus
added 2023/02/02 12:0 a.m., 43 views

Webmin < 1.974 Multiple Vulnerabilities

According to its self-reported version, the Webmin install hosted on the remote host is prior to 1.974. It is, therefore, affected by multiple vulnerabilities. - A Cross Site Request Forgery (CSRF) that allows Remote Command Execution (RCE) through the Webmin running process feature. - A...

9.6 CVSS, 6.9 AI score, 0.82318 EPSS
Exploits: 23, References: 12

Tenable Nessus
added 2023/02/02 12:0 a.m., 63 views

Webmin < 1.990 Multiple Vulnerabilities

According to its self-reported version, the Webmin install hosted on the remote host is prior to 1.990. It is, therefore, affected by multiple vulnerabilities. - Improper Access Control to Remote Code Execution - Improper Authorization Note that the scanner has not tested for these issues but has...

9 CVSS, 7.8 AI score, 0.92677 EPSS
Exploits: 14, References: 4

Tenable Nessus
added 2023/01/11 12:0 a.m., 27 views

Kibana 7.7.0 < 7.17.1 Insufficient Authorization

According to its self-reported version number, the Kibana application running on the remote host is 7.7.0 prior to 7.17.1 or 8.0.0. It is, therefore, affected by: - A missing authorization issue in which users with read access to the Uptime feature could modify alerting rules (CVE-2022-23709) Note...

4.3 CVSS, 4.5 AI score, 0.00152 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2023/01/11 12:0 a.m., 31 views

Kibana 7.x < 7.13.0 Open Redirect

According to its self-reported version number, the Kibana application running on the remote host is prior to 6.8.16 or 7.0.0 prior to 7.13.0. It is, therefore, affected by: - An Open Redirect through a maliciously crafted URL (CVE-2021-22141) Note that the scanner has not tested for these issues b...

6.1 CVSS, 6.3 AI score, 0.00239 EPSS
Exploits: 0, References: 3

Tenable Nessus
added 2023/01/10 12:0 a.m., 8 views

PHP 8.1.x < 8.1.14 Integer Overflow

According to its self-reported version number, the version of PHP installed on the remote host is 8.0.x prior to 8.0.27, 8.1.x prior to 8.1.14, or 8.2.x prior to 8.2.1. It is, therefore, affected by an integer overflow. Note that the scanner has not tested for these issues but has instead relied...

9.1 CVSS, 7.4 AI score, 0.00816 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2022/12/27 12:0 a.m., 39 views

Elementor Plugin for WordPress < 3.6.3 Incorrect Authorization

The WordPress Elementor Plugin installed on the remote host is affected by an Incorrect Authorization check. Note that the scanner has not tested for these issues but has instead relied only on the application's self-reported version number. No source data...

8.8 CVSS, 7.5 AI score, 0.93219 EPSS
Exploits: 10, References: 2

Tenable Nessus
added 2022/12/21 12:0 a.m., 12 views

WordPress Plugins Detected

This is an informational notice that the scanner was able to detect one or more installed WordPress plugins. No source data...

7.2 AI score
Exploits: 0

Tenable Nessus
added 2022/12/21 12:0 a.m., 8 views

Microsoft Access Database Detected

A Microsoft Access Database file has been detected on the target host. This may expose privileged information or configurations to a malicious actor. No source data...

6.9 AI score
Exploits: 0

Tenable Nessus
added 2022/12/21 12:0 a.m., 234 views

WordPress Cron Enabled

The wp-cron.php file is responsible for scheduled events in a WordPress website. By default, when a request is made, WordPress will generate an additional request from it to the wp-cron.php file. By generating a large number of requests to the website, it is therefore possible to make the site...

5.3 CVSS, 7.1 AI score, 0.08419 EPSS
Exploits: 1, References: 2

Tenable Nessus
added 2022/11/30 12:0 a.m., 8 views

External URLs

An external URL is a URL whose Fully Qualified Domain Name (FQDN) is not the same as that of the web target URL. The scanner detected the presence of external URLs on the target web application and has listed them based on two types: URLs with a domain name in common with the web target URL...

7.4 AI score
Exploits: 0

Tenable Nessus
added 2022/11/28 12:0 a.m., 12 views

Disclosed European Personal Data Number

A European Personal Data Number (EPDN) is a personally identifiable number that is issued to a citizen of one of the members or ex-members of the European Union. A stolen or leaked EPDN can lead to a compromise and/or the theft of the affected individual's identity. WAS has discovered an EPDN locat...

7.2 AI score
Exploits: 0, References: 3

Tenable Nessus
added 2022/11/28 12:0 a.m., 14 views

Phinx Configuration File Detected

Phinx is open-source PHP software designed to help developers quickly create and maintain their SQL database migrations through PHP code. Phinx uses a configuration file in the project root directory to store the environment and database information. By accessing it, an attacker could...

8 AI score
Exploits: 0, References: 3

Tenable Nessus
added 2022/11/21 12:0 a.m., 11 views

WordPress Post By Email Enabled

WordPress has a core feature and plugins allowing content managers to publish posts on their blogs by sending their articles to a configured email address. The scanner detected that the target WordPress instance has either the core feature or a specific plugin configured. No source data...

7.3 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2022/10/28 12:0 a.m., 13 views

DotNetNuke Administration Panel Login Form Detected

DotNetNuke Administration Panel login has been detected on the target web application. This may present an attacker with an exploit vector which could be leveraged using other techniques, such as a Brute-Force or Dictionary Attack, allowing an attacker to gain access to administrative...

7.4 AI score
Exploits: 0, References: 1

Tenable Nessus
added 2022/10/28 12:0 a.m., 17 views

TYPO3 Open Redirection in Login Handling

TYPO3 CMS v6.2.0-6.2.56, 7.0.0-7.6.50, 8.0.0-8.7.39, 9.0.0-9.5.24, 10.0.0-10.4.13, 11.0.0-11.1.0 are susceptible to open redirects in login handling due to improper validation of the HTTP Host header. No source data...

6.1 CVSS, 7.2 AI score, 0.00253 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2022/10/17 12:0 a.m., 10 views

Performance Telemetry

This finding provides information to assist in scan performance tuning. No source data...

7 AI score
Exploits: 0