Description

Acunetix determined that it is possible to access an installer of the web application without authentication. Depending on the installer, an attacker can takeover of the server.

Remediation

Restrict access to the installer

Related Vulnerabilities

PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2010-1915)

WordPress Plugin BuddyPress Multiple Vulnerabilities (9.0.0)

Jupyter Notebook publicly accessible

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-31546)

WordPress Plugin MP3-jPlayer Information Disclosure (2.3.2)

Severity

Medium

Classification

CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N

Tags

Insecure Admin Access Configuration