Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
E-WEBInformationCo. FS-EZViewer(Web) - Sensitive Data Exposure
Vulnerability Description
E-WEBInformationCo. FS-EZViewer(Web) exposes sensitive information in the service. A remote attacker can obtain the database configuration file path through the webpage source code without login. Accessing this path allows attacker to obtain the database credential with the highest privilege and database host IP address. With this information, attackers can connect to the database and perform actions such as adding, modifying, or deleting database contents.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
信息暴露
Vulnerability Title
EC-WEB FS-EZViewer 信息泄露漏洞
Vulnerability Description
EC-WEB FS-EZViewer是一个在线文档查看应用。 EC-WEB FS-EZViewer 10.4.0.X及之前版本存在信息泄露漏洞,该漏洞源于存在敏感信息泄露漏洞。攻击者无需登录即可通过网页源代码获取数据库配置文件路径。
CVSS Information
N/A
Vulnerability Type
N/A