Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ASTPP 4.0.1 VoIP Billing - Database Backup Download
Vulnerability Description
ASTPP 4.0.1 contains an information disclosure vulnerability that allows unauthenticated attackers to download database backup files by predicting backup filename patterns. Attackers can generate a list of 6-digit PIN combinations and fuzz the backup download URL to exfiltrate sensitive database information from the /database_backup/ directory.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
文件和路径信息暴露
Vulnerability Title
ASTPP 安全漏洞
Vulnerability Description
ASTPP是Inextrix Technologies Pvt. Ltd开源的一个VoIP计费解决方案。 ASTPP 4.0.1版本存在安全漏洞,该漏洞源于信息泄露,可能导致未经验证的攻击者通过预测备份文件名模式下载数据库备份文件。
CVSS Information
N/A
Vulnerability Type
N/A