Description
Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPM_prod.log, or (3) core/apps/qdPM/config/settings.yml.
Remediation
References
Related Vulnerabilities
WordPress Plugin Front File Manager 'upload.php' Arbitrary File Upload (0.1)
LimeSurvey Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2019-16175)
PostgreSQL Resource Management Errors Vulnerability (CVE-2009-0922)
WordPress Plugin Custom Dashboard & Login Page-AGCA Cross-Site Request Forgery (6.5.4)