Description

Acunetix determined that it is possible to access an installer of the web application without authentication. Depending on the installer, an attacker can takeover of the server.

Remediation

Restrict access to the installer

References

OWASP Authentication Cheat Sheet

Related Vulnerabilities

Apache 2.x version equal to 2.0.51

Apache Tomcat version older than 7.0.21

SAP ICF /sap/public/info sensitive information disclosure

SAP weak/predictable user credentials

WordPress Plugin Total Upkeep-WordPress Backup plus Restore & Migrate by BoldGrid Information Disclosure (1.14.9)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Insecure Admin Access Configuration