Description

Acunetix determined that it was possible to access ImageResizer Diagnotics plugin without authentication.

Remediation

Restrict access to ImageResizer Diagnotics plugin

References

Diagnostics plugin

Related Vulnerabilities

Wildcard Detected in Port Portion of Content Security Policy (CSP) Directive

Pentaho API Auth bypass (CVE-2021-31602)

Yii2 Gii extension

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-10379)

WordPress Plugin Login by Auth0 Multiple Vulnerabilities (3.11.3)

Severity

Low

Classification

CWE-200 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration