CVE-2023-52286

Name of the Vulnerable Software and Affected Versions Tencent tdsqlpcloud versions 1.8.5 and earlier

Description The issue allows unauthenticated remote attackers to discover database credentials via an "index.php/api/install/get db info" request. This is a related issue to another previously identified problem.

Recommendations For versions 1.8.5 and earlier, as a temporary workaround, consider restricting access to the "index.php/api/install/get db info" endpoint until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.