
Remote attacker can access sensitive data exposed on the URL


fdzdev/CVE-2024-50961


Sensitive Data Exposure (CVE-2024-50961)

Description

In DonWeb Ferozo Hosting v1.1, a remote attacker can exploit URL parameters to access sensitive data, including database credentials. Attack vectors include network sniffing, server logs, and browser history, potentially exposing organizations to major security breaches and data protection violations. Mitigation with HTTPS and secure logging practices is essential.
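One way to apply the secure logging mitigation, as an added example (not code from this repository or from DonWeb): a filter that masks credential-like query values in combined-format access log lines before they are stored or shipped. The parameter names, paths and log lines are constructed assumptions; the advisory does not name the affected parameters.

```python
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed credential-like parameter names; the advisory does not list the real ones.
SENSITIVE = re.compile(
    r"(^|[_.-])(pass(word|wd)?|pwd|secret|token|api_?key|user(name)?)($|[_.-])", re.I)
# Request line and quoted absolute URLs (e.g. Referer) in a combined-format log line.
REQUEST = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')
QUOTED_URL = re.compile(r'"(?P<url>https?://[^"\s]+)"')

# Constructed sample log lines (hypothetical paths, hosts and values).
SAMPLE = [
    '203.0.113.7 - - [12/Nov/2024:10:01:22 +0000] '
    '"GET /panel/db.php?db_user=app&db_pass=S3cr3t&lang=es HTTP/1.1" 200 512 '
    '"https://example.test/home?token=abc123" "Mozilla/5.0"',
    '203.0.113.9 - - [12/Nov/2024:10:02:01 +0000] '
    '"GET /index.php?lang=es HTTP/1.1" 200 1024 "-" "curl/8.0"',
]

def redact_url(url):
    """Return (url with sensitive query values masked, list of masked keys)."""
    parts = urlsplit(url)
    hits, pairs = [], []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if value and SENSITIVE.search(key):
            hits.append(key)
            value = "REDACTED"
        pairs.append((key, value))
    if not hits:
        return url, hits  # leave untouched URLs byte-for-byte identical
    return urlunsplit(parts._replace(query=urlencode(pairs))), hits

def redact_line(line):
    """Mask sensitive values in the request target and quoted URLs of one log line."""
    found = []
    def fix_request(m):
        url, hits = redact_url(m.group("target"))
        found.extend(hits)
        return f'"{m.group("method")} {url} {m.group("proto")}"'
    def fix_quoted(m):
        url, hits = redact_url(m.group("url"))
        found.extend(hits)
        return f'"{url}"'
    line = QUOTED_URL.sub(fix_quoted, REQUEST.sub(fix_request, line))
    return line, found

if __name__ == "__main__":
    for raw in SAMPLE:
        clean, keys = redact_line(raw)
        print(keys, clean)
```

HTTPS protects the query string only in transit; the full URL still reaches server logs and browser history, so redaction has to happen at the logging layer, and any credential already written to a log should be rotated.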

Attack Complexity

  • Low

Privileges Required

  • None (Unauthenticated remote attackers can exploit this vulnerability.)

User Interaction

  • Not Required

Affected Components

  • URL Parameter Handling: The vulnerability lies in how URL parameters are handled, potentially leaking sensitive data.

Impact

  • Data Breach: Exposure of sensitive data such as database credentials.
  • Regulatory Risk: May lead to legal repercussions for affected organizations.

CVE-2024-50961
Reported by [Facundo Fernandez / Security Researcher]
