mirror of
https://github.com/0xMarcio/cve.git
synced 2025-05-28 01:04:30 +00:00
906 B
906 B
CVE-2018-19513
Description
In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors.
POC
Reference
- http://packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSS-CSRF-SQL-Injection.html
- http://packetstormsecurity.com/files/151017/Webgalamb-Information-Disclosure-XSS-CSRF-SQL-Injection.html
Github
No PoCs found on GitHub currently.