CVE-2018-7251

Published: Feb 19, 2018Modified: Nov 21, 2024

9.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred.

Affected (1)

Products: Anchorcms: Anchor

Anchorcms

1 product

Anchor

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Anchorcms Anchor	Version 0.12.3

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://packetstormsecurity.com/files/154723/Anchor-CMS-0.12.3a-Information-Disclosure.html

Source: cve@mitre.org

http://www.andmp.com/2018/02/advisory-assigned-CVE-2018-7251-in-anchorcms.html

Source: cve@mitre.org

Third Party Advisory

https://github.com/anchorcms/anchor-cms/issues/1247

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://github.com/anchorcms/anchor-cms/releases/tag/0.12.7

Source: cve@mitre.org

https://twitter.com/finnwea/status/965279233030393856

Source: cve@mitre.org

http://packetstormsecurity.com/files/154723/Anchor-CMS-0.12.3a-Information-Disclosure.html