mirror of
https://github.com/0xMarcio/cve.git
synced 2025-12-30 04:49:42 +00:00
865 B
865 B
CVE-2020-21994
Description
AVE DOMINAplus <=1.10.x suffers from clear-text credentials disclosure vulnerability that allows an unauthenticated attacker to issue a request to an unprotected directory that hosts an XML file '/xml/authClients.xml' and obtain administrative login information that allows for a successful authentication bypass attack.
POC
Reference
- https://www.exploit-db.com/exploits/47819
- https://www.zeroscience.mk/en/vulnerabilities/ZSL-2019-5550.php