CVE-2022-26159 Scanner
Detects 'Information Disclosure' vulnerability in Auto-Completion plugin for Ametys CMS affects v. before 4.5.0.
Short Info
Level
Medium
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
10 second
Time Interval
4 week
Scan only one
Url
Toolbox
-
The Auto-Completion plugin is a feature that is commonly used in Ametys CMS to help users search for content within the system. The plugin provides suggestions as the user types, making it easier to find the content they need. It is especially useful when users are searching for pages with long titles or complex keywords. The Auto-Completion plugin for Ametys CMS is a valuable tool for anyone who needs to navigate their CMS efficiently.
The CVE-2022-26159 vulnerability was recently detected in Ametys CMS's Auto-Completion plugin, and it is critical that all users take steps to protect their system. This vulnerability allows remote, unauthenticated attackers to access sensitive documents such as <domain>/en.xml. The compromised documents contain all the characters typed by all users, including the content of private pages. This means that usernames, email addresses, and even passwords could be exposed to attackers.
If this vulnerability is exploited, it can lead to significant damage to an organization's digital assets. Attackers could use the information gained through the vulnerability to access sensitive information belonging to users of the system. Additionally, any sensitive organizational information stored in the CMS's private pages could be at risk. This could result in identity theft, data breaches, and other cyberattacks.
Thanks to the pro features of the s4e.io platform, users can quickly and easily learn about vulnerabilities in their digital assets. With our comprehensive suite of security tools and resources, users can stay informed about the latest threats and take proactive steps to protect their digital assets. Don't let cybersecurity vulnerabilities compromise your organization's sensitive information—sign up for s4e.io today!
REFERENCES