Information Disclosure Vulnerability in qdPM 8.3 by Ross Marks
CVE-2015-3882

5.3MEDIUM

Key Information:

Vendor

Qdpm

Status
Qdpm
Vendor
CVE Published:
17 March 2017

What is CVE-2015-3882?

qdPM version 8.3 contains a vulnerability that allows remote attackers to exploit invalid user ID values on the endpoint index.php/users/info/id/[ID]. This can lead to the exposure of sensitive information, including the installation path of the application, through error messages revealed during the attack.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://rossmarks.uk/whitepapers/qdPM_8.3.txt
x_refsource_MISC
http://rossmarks.uk/portfolio.php
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.