7.5
CVE-2022-27442
- EPSS 0.98%
- Veröffentlicht 04.04.2022 21:15:08
- Zuletzt bearbeitet 21.11.2024 06:55:44
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginTPCMS v3.2 allows attackers to access the ThinkPHP log directory and obtain sensitive information such as the administrator's user name and password.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tpcms Project ≫ Tpcms Version3.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.98% | 0.575 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-532 Insertion of Sensitive Information into Log File
The product writes sensitive information to a log file.
https://gitee.com/happy_source/tpcms/issues/I3YNWY