PT-2020-15859 · Binovo · Elkarbackup

Published

2020-09-15

Updated

2021-07-21

CVE-2020-24925

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions ElkarBackup version 1.3.3

Description A Sensitive Source Code Path Disclosure issue is found, allowing an attacker to view the path of the source code, which displays the entire source code path in the browser. This helps the attacker identify the code structure, specifically in the /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php file.

Recommendations For ElkarBackup version 1.3.3, consider restricting access to the DefaultController.php file until a patch is available. As a temporary workaround, limit the information displayed in the browser to prevent disclosure of the source code path. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-209

Related Identifiers

CVE-2020-24925

Affected Products

Elkarbackup

PT-2020-15859 · Binovo · Elkarbackup

CVE-2020-24925

Weakness Enumeration

Related Identifiers

Affected Products

References · 4