PT-2018-17977 · Anchor · Anchor

Pehelwan

Published

2018-02-19

Updated

2022-05-13

CVE-2018-7251

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Anchor version 0.12.3

Description An issue was discovered in the config/error.php file. The error log is exposed at the "errors.log" URI and contains MySQL credentials if a MySQL error, such as "Too many connections", has occurred.

Recommendations For Anchor version 0.12.3, consider restricting access to the "errors.log" URI to prevent exposure of MySQL credentials. As a temporary workaround, restrict access to the config/error.php file until a patch is available.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2018-7251

GHSA-HXCW-PQQC-RV85

Affected Products

Anchor

PT-2018-17977 · Anchor · Anchor

CVE-2018-7251

Weakness Enumeration

Related Identifiers

Affected Products

References · 10