qdPM 8.3 allows remote attackers to obtain sensitive information via an invalid ID value to index.php/users/info/id/[ID], which reveals the installation path in an error message.
Max CVSS: 5.3
EPSS Score: 0.17%
Published: 2017-03-17
Updated: 2017-03-20
Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml.
Max CVSS: 7.5
EPSS Score: 1.06%
Published: 2017-03-17
Updated: 2017-03-20
2 vulnerabilities found