Published: 19/02/2018 Updated: 03/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

An issue exists in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred.

Vulnerable Product	Search on Vulmon	Subscribe to Product
anchorcms anchor 0.12.3

Check Point Reference: CPAI-2018-2651 Date Published: 24 Jan 2024 Severity: Critical ...

# Exploit Title: Information disclosure (MySQL password) in error log # Date: 2/10/2019 # Exploit Author: Tijme Gommers (twittercom/finnwea/) # Vendor Homepage: anchorcmscom/ # Software Link: githubcom/anchorcms/anchor-cms/releases # Version: 0123a # Tested on: Linux # CVE : CVE-2018-7251 # By default, AnchorCMS will l ...

Anchor CMS version 0123a information disclosure exploit ...

CWE-200 https://github.com/anchorcms/anchor-cms/issues/1247 http://www.andmp.com/2018/02/advisory-assigned-CVE-2018-7251-in-anchorcms.html https://twitter.com/finnwea/status/965279233030393856 http://packetstormsecurity.com/files/154723/Anchor-CMS-0.12.3a-Information-Disclosure.html https://github.com/anchorcms/anchor-cms/releases/tag/0.12.7 https://nvd.nist.gov https://www.exploit-db.com/exploits/47459 https://advisories.checkpoint.com/defense/advisories/public/2024/cpai-2018-2651.html

CVE-2018-7251

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect