| Vulnerability Name | CVE | CWE | Severity |
| --- | --- | --- | --- |
| Password found in server response | | CWE-312 | Medium |
| Payara Micro File Read (CVE-2021-41381) | CVE-2021-41381 | CWE-22 | Medium |
| PHP-CS-Fixer cache file publicly accessible (.php_cs.cache) | | CWE-200 | Medium |
| PHP-FPM Status Page | | CWE-200 | Medium |
| PHP4 IMAP module buffer overflow vulnerability | | CWE-119 | Medium |
| PHP 4.3.0 file disclosure and possible code execution | CVE-2003-0097 | CWE-20 | Medium |
| PHP allow_url_fopen enabled | | CWE-829 | Medium |
| PHP allow_url_include enabled | | CWE-829 | Medium |
| PHP Console addon enabled | | CWE-200 | Medium |
| PHP curl_exec() url is controlled by user | CVE-2009-0037 | CWE-352 | Medium |
| PHP Debug Bar enabled | | CWE-200 | Medium |
| PHP enable_dl enabled | | CWE-470 | Medium |
| PHP errors enabled | | CWE-209 | Medium |
| PHP errors enabled | | CWE-209 | Medium |
| PHP eval() used on user input | | CWE-95 | Medium |
| Phpfastcache phpinfo publicly accessible (CVE-2021-37704) | CVE-2021-37704 | CWE-200 | Medium |
| PHP hangs on parsing particular strings as floating point number | CVE-2010-4645 | CWE-189 | Medium |
| PHP HTTP POST incorrect MIME header parsing vulnerability | CVE-2002-0717 | CWE-20 | Medium |
| PHPinfo page | | CWE-200 | Medium |
| PHPinfo pages | | CWE-200 | Medium |
| PHP mail function ASCII control character header spoofing vulnerability | CVE-2002-0986 | CWE-20 | Medium |
| PHP multipart/form-data denial of service | CVE-2009-4017 | CWE-400 | Medium |
| PHP object deserialization of user-supplied data | | CWE-20 | Medium |
| PHP opcache-gui publicly accessible | | CWE-200 | Medium |
| PHP opcache-status page publicly accessible | | CWE-200 | Medium |
| PHP open_basedir is not set | | CWE-664 | Medium |
| PHP open_basedir is not set | | CWE-664 | Medium |
| PHP preg_replace used on user input | | CWE-20 | Medium |
| PHP register_globals enabled | | CWE-1108 | Medium |
| PHP session.use_only_cookies disabled | | CWE-598 | Medium |
| PHP session.use_trans_sid enabled | | CWE-598 | Medium |
| PHP session.use_trans_sid enabled | | CWE-598 | Medium |
| PHP socket_iovec_alloc() integer overflow | CVE-2003-0172 | CWE-119 | Medium |
| PHP super-globals-overwrite | | CWE-1108 | Medium |
| PHP undefined Safe_Mode_Include_Dir safemode bypass vulnerability | CVE-2003-0863 | CWE-829 | Medium |
| PHP unserialize() used on user input | | CWE-20 | Medium |
| PHP unspecified remote arbitrary file upload vulnerability | CVE-2004-0959 | CWE-20 | Medium |
| PHP upload arbitrary file disclosure vulnerability | CVE-2000-0860 | CWE-538 | Medium |
| PHP version older than 4.3.8 | CVE-2004-0594, CVE-2004-0595 | CWE-1104 | Medium |
| Play framework weak secret key | | CWE-693 | Medium |
| Possible social security number disclosed | | CWE-200 | Medium |
| Pyramid debug mode | | CWE-489 | Medium |
| Pyramid DebugToolbar enabled | | CWE-200 | Medium |
| Pyramid framework weak secret key | | CWE-693 | Medium |
| Python object deserialization of user-supplied data | | CWE-20 | Medium |
| Python web application source code disclosure | | CWE-540 | Medium |
| rack-mini-profiler environment variables disclosure | | CWE-287 | Medium |
| Rails application running in development mode | | CWE-200 | Medium |
| Rails controller possible sensitive information disclosure | | CWE-200 | Medium |
| Redis Unauthorized Access Vulnerability | | CWE-200 | Medium |
| Reverse proxy bypass | CVE-2011-3368 | CWE-20 | Medium |
| Reverse proxy misrouting through HTTP/2 pseudo-headers (SSRF) | | CWE-918 | Medium |
| Ruby web application source code disclosure | | CWE-540 | Medium |
| Same origin method execution (SOME) | | CWE-20 | Medium |
| Same site scripting | | CWE-16 | Medium |
| SAP BO BIP SSRF (CVE-2020-6308) | | CWE-918 | Medium |
| SAP ICF /sap/public/info sensitive information disclosure | | CWE-200 | Medium |
| SAP ICF URL redirection Vulnerability | | CWE-601 | Medium |
| SAP NetWeaver Java AS WD_CHAT information disclosure vulnerability | | CWE-200 | Medium |
| SAP NetWeaver server info information disclosure | | CWE-200 | Medium |
| SAP NetWeaver server info information disclosure BCB | | CWE-200 | Medium |
| Secrets leakage | | CWE-200 | Medium |
| Server-based source code disclosures | | CWE-538 | Medium |
| SharePoint exposed web services | | CWE-200 | Medium |
| SharePoint Reflected Cross-Site Scripting (CVE-2017-8514) | CVE-2017-8514 | CWE-80 | Medium |
| Sonicwall SMA 100 Unintended proxy (CVE-2021-20042) | | CWE-441 | Medium |
| Source code disclosures | | CWE-538 | Medium |
| Spring Boot Actuator | | CWE-489 | Medium |
| Spring Boot Actuator v2 | | CWE-489 | Medium |
| Spring Boot Misconfiguration: Actuator endpoint security disabled | | CWE-16 | Medium |
| Spring Boot Misconfiguration: Admin MBean enabled | | CWE-16 | Medium |
| Spring Boot Misconfiguration: All Spring Boot Actuator endpoints are web exposed | | CWE-16 | Medium |
| Spring Boot Misconfiguration: Datasource credentials stored in the properties file | | CWE-16 | Medium |
| Spring Boot Misconfiguration: Developer tools enabled on production | | CWE-16 | Medium |
| Spring Boot Misconfiguration: H2 console enabled | | CWE-16 | Medium |