Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Headstart Solutions DeskPRO stores sensitive information under the web root with insufficient access control, which allows remote attackers to (1) list files in the includes/ directory; obtain the SQL username and password via a direct request for (2) config.php and (3) config.php.bak in includes/; read files in (4) email/, (5) admin/graphs/, (6) includes/javascript/, and (7) certain other includes/ directories via direct requests; and download SQL database data via direct requests for (8) data.sql, (9) install.sql, (10) settings.sql, and possibly other files in install/v2data/.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Headstart Solutions DeskPRO 网根敏感信息泄露漏洞
Vulnerability Description
Headstart Solutions DeskPRO在网根中储存敏感信息,但没有赋予足够的访问控制,这会允许远程攻击者(1)列出在includes/目录中的文件;可以借助对includes/中的(2)config.php和(3)config.php.bak的一个直接请求来获得SQL用户名和密码;可以借助提交直接的请求,读取在(4)email/,(5)admin/graphs/,(6)includes/javascript/,和(7)某些其它的includes/目录中的文件; 可以借助对(8)data.s
CVSS Information
N/A
Vulnerability Type
N/A