Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Contenido CMS stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain database credentials and other information via a direct request to (1) db_msql.inc, (2) db_mssql.inc, (3) db_mysqli.inc, (4) db_oci8.inc, (5) db_odbc.inc, (6) db_oracle.inc, (7) db_pgsql.inc, or (8) db_sybase.inc in the conlib/ directory.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Contenido CMS 敏感数据泄露漏洞
Vulnerability Description
Contenido CMS在web根目录下存储敏感数据,且访问控制较弱,从而远程攻击者可以通过直接请求conlib/目录下的(1)db_msql.inc,(2)db_mssql.inc,(3)db_mysqli.inc,(4)db_oci8.inc,(5)db_odbc.inc,(6)db_oracle.inc,(7)db_pgsql.inc或(8)db_sybase.inc来获取数据库凭证和其他信息。
CVSS Information
N/A
Vulnerability Type
N/A