PT-2026-33100 · Slah · Slah
Published
2026-04-15
·
Updated
2026-04-17
·
CVE-2026-30994
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Slah versions prior to 1.5.1
Description
Incorrect access control in the 'config.php' component allows unauthenticated attackers to access sensitive information, including active session credentials.
Recommendations
Update to a version newer than 1.5.0.
Restrict access to the 'config.php' component to minimize the risk of exploitation.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Slah