You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Description:
This vulnerability occurs when a low privilege user is able to get internal system path, file path and DB related information by manipulating the parameter from project=admin to project=admin' in the URL. This error message allows the low privilege user to gain insights into the inner workings of the application or system, potentially leading to unintended exposure of sensitive data or exploitation of system weaknesses.
Impact:
This vulnerability can have several detrimental consequences. Firstly, the exposure of internal paths provides attackers with insights into the directory structure of the application, facilitating further exploitation. Secondly, disclosing error messages can aid attackers in refining their attack strategies and identifying potential weaknesses within the application.
The text was updated successfully, but these errors were encountered:
Name of the Affected Product:
Reportico
Affected Version:
Till 8.1.0
Description:
This vulnerability occurs when a low privilege user is able to get internal system path, file path and DB related information by manipulating the parameter from project=admin to project=admin' in the URL. This error message allows the low privilege user to gain insights into the inner workings of the application or system, potentially leading to unintended exposure of sensitive data or exploitation of system weaknesses.
Impact:
This vulnerability can have several detrimental consequences. Firstly, the exposure of internal paths provides attackers with insights into the directory structure of the application, facilitating further exploitation. Secondly, disclosing error messages can aid attackers in refining their attack strategies and identifying potential weaknesses within the application.
The text was updated successfully, but these errors were encountered: