Description

Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml.

Remediation

References

CVE-2015-3881

Related Vulnerabilities

Oracle HTTP Server Integer Overflow or Wraparound Vulnerability (CVE-2022-25315)

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.19)

Joomla! Core 3.x.x Cross-Site Scripting (3.7.0 - 3.10.6)

WordPress Plugin Automattic Stats Referer Field HTML Injection (1.0)

Oracle Application Server CVE-2007-5521 Vulnerability (CVE-2007-5521)

Severity

High

Classification

CVE-2015-3881 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities