Description

Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml.

Remediation

References

CVE-2015-3881

Related Vulnerabilities

Jboss EAP Uncontrolled Resource Consumption Vulnerability (CVE-2016-8627)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-1830)

WordPress Plugin WP Forum Server Multiple SQL Injection (1.6.5)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (4.1.9)

Joomla! Core 1.7.x Information Disclosure (1.7.0 - 1.7.4)

Severity

High

Classification

CVE-2015-3881 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities