In DonWeb Ferozo Hosting v1.1, a remote attacker can exploit URL parameters to access sensitive data, including database credentials. Attack vectors include network sniffing, server logs, and browser history, potentially exposing organizations to major security breaches and data protection violations. Mitigating with HTTPS and secure logging practices is essential.
- Low
- None (Unauthenticated remote attackers can exploit this vulnerability.)
- Not Required
- URL Parameter Handling: The vulnerability lies in how URL parameters are handled, potentially leaking sensitive data.
- Data Breach: Exposure of sensitive data such as database credentials.
- Regulatory Risk: May lead to legal repercussions for affected organizations.
CVE-2024-50961
Reported by [Facundo Fernandez / Security Researcher]