Description
Acunetix determined that it was possible to access ImageResizer Diagnotics plugin without authentication.
Remediation
Restrict access to ImageResizer Diagnotics plugin
References
Related Vulnerabilities
TorchServe Management API publicly exposed
PostgreSQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-7486)
Roundcube Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-0464)
WordPress Plugin Sliced Invoices-WordPress Invoice Multiple Vulnerabilities (3.8.2)
WordPress Plugin Debug Log Manager Information Disclosure (2.2.2)