Description

Due to a misconfiguration of a web server, qdPM configuration files are accessible for unauthenticated users

Remediation

Restrict access to configuration files

References

qdPM

Related Vulnerabilities

Unicode Transformation (Best-Fit Mapping)

WordPress Plugin Google Drive for WordPress Information Disclosure (2.2)

WordPress Plugin WooCommerce Email Test Information Disclosure (1.5)

Vulnerable project dependencies

WordPress Plugin Media Library Assistant Information Disclosure (3.00)

Severity

High

Classification

CWE-260 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Configuration Information Disclosure