PT-2009-5882 · Hubscript · Hubscript
Published 2009-10-08 · Updated 2017-08-17 · CVE-2009-3600
CVSS v2.0: 5.0 Medium
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
HUBScript version 1.0
Description
The issue allows remote attackers to obtain configuration information by making a direct request to the "manage/phpinfo.php" API endpoint, which calls the phpinfo() function.
Recommendations
For HUBScript version 1.0, consider restricting access to the "manage/phpinfo.php" endpoint to prevent unauthorized disclosure of configuration information. As a temporary workaround, disabling the phpinfo() function call in the affected endpoint can help minimize the risk of exploitation.
Exploit
Fix
Information Disclosure
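Before applying the workaround from the Recommendations, an administrator can inventory every place under the web root where phpinfo() is actually invoked, ignoring comments, string literals and inline HTML. This is an added example, not part of the advisory and not HUBScript code; the function names, the extension list and the approximate lexer are assumptions.

```python
import re
import sys
from pathlib import Path

PHP_EXTS = {".php", ".phtml", ".inc"}  # assumed set of extensions the server executes

# Approximate PHP lexer: skip everything that is not executable code, then
# report what is left. Heredoc/nowdoc bodies are not modelled.
TOKEN = re.compile(r"""
    (?P<skip>
        \?>.*?(?:<\?(?:php\b|=)?|\Z)     # inline HTML up to the next open tag
      | (?://|\#)(?:(?!\?>)[^\n])*       # line comment, ends at newline or close tag
      | /\*.*?(?:\*/|\Z)                 # block comment
      | '(?:\\.|[^'\\])*'                # single-quoted string
      | "(?:\\.|[^"\\])*"                # double-quoted string
    )
  | (?P<call>(?<![\w$>:])phpinfo\s*\()   # bare call; excludes $f(), ->m(), ::m()
""", re.S | re.X | re.I)


def live_phpinfo_lines(source: str) -> list[int]:
    """Return 1-based line numbers where phpinfo() is called in live code."""
    text = "?>" + source  # a PHP file starts in inline-HTML mode
    return [text.count("\n", 0, m.start()) + 1
            for m in TOKEN.finditer(text) if m.lastgroup == "call"]


def audit(webroot) -> dict[str, list[int]]:
    """Map each PHP file under webroot (relative path) to its live call lines."""
    root = Path(webroot)
    findings = {}
    for path in sorted(root.rglob("*")):
        if path.is_file() and path.suffix.lower() in PHP_EXTS:
            lines = live_phpinfo_lines(path.read_text(errors="replace"))
            if lines:
                findings[path.relative_to(root).as_posix()] = lines
    return findings


if __name__ == "__main__":
    # Usage: python audit_phpinfo.py /path/to/webroot
    for rel, lines in audit(sys.argv[1] if len(sys.argv) > 1 else ".").items():
        print(f"{rel}: phpinfo() called at line(s) {lines}")
```

Each reported file is a candidate for the access restriction or for removing the call.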
Weakness Enumeration
Related Identifiers
Affected Products
Hubscript