Lucene search
Veracode Vulnerability DatabaseVERACODE:45653HistoryFeb 27, 2024 - 9:45 a.m.
Information Disclosure
2024-02-2709:45:56
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
microsoft graph core
information disclosure
test code
phpinfo function
misconfigured server
vendor directory
web accessible
vulnerability
microsoft/microsoft-graph-core is vulnerable to Information Disclosure. The vulnerability is due to the inclusion of test code that enables the use of the phpInfo function, specifically through the GetPhpInfo.php script, which can expose sensitive system information if the server is misconfigured to make the application’s /vendor directory web accessible.
| CPE | Name | Operator | Version |
|---|---|---|---|
| microsoft/microsoft-graph-core | le | 2.0.1 | |
| microsoft/microsoft-graph-core | le | 2.0.1 |
Related
osv
osv
CVE-2023-49283
2023-12-05 23:15:07
Test code in published microsoft-graph-core package exposes phpinfo()
2023-12-05 22:46:57
friendsofphp
friendsofphp
Test code in published microsoft-graph-core package exposes phpinfo()
2023-11-30 12:40:00
prion
prion
Design/Logic Flaw
2023-12-05 23:15:00
cve
cve
CVE-2023-49283
2023-12-05 23:15:07
cvelist
cvelist
github
github
Test code in published microsoft-graph-core package exposes phpinfo()
2023-12-05 22:46:57
openvas
openvas
phpinfo() Output Detection (HTTP)
2018-10-19 00:00:00
phpinfo() Output Reporting (HTTP)
2005-11-03 00:00:00