CVE-2020-37104

Name of the Vulnerable Software and Affected Versions ASTPP version 4.0.1

Description An information disclosure issue exists that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and attempt to access the backup download URL to exfiltrate sensitive database information from the /database backup/ directory.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.