
CVE-2018-7251 Scanner
CVE-2018-7251 scanner - Credential Disclosure vulnerability in Anchor
Short Info
Level
Single Scan
Single Scan
Can be used by
Asset Owner
Estimated Time
15 seconds
Time Interval
24 days 15 hours
Scan only one
URL
Toolbox
Anchor is a popular content management system (CMS) that is widely used for developing and managing websites. It is a lightweight and flexible CMS that allows developers to create highly customized websites with minimal effort. Anchor is known for its user-friendly interface, powerful features, and excellent performance. It is an open-source CMS that can be downloaded and used for free.
CVE-2018-7251 is a vulnerability that was detected in Anchor 0.12.3. The vulnerability is related to an issue in config/error.php, which exposes the error log at an errors.log URI. This error log may contain sensitive information, such as MySQL credentials, if a MySQL error occurs. An attacker can exploit this vulnerability by sending a specially crafted request to the server, which could allow them to extract sensitive information from the error log.
When this vulnerability is exploited, it can lead to severe consequences. An attacker who gains access to sensitive information, such as MySQL credentials, can use it to launch further attacks. For instance, they can gain access to the database and extract confidential information, such as usernames, passwords, and other sensitive data. In some cases, they can even modify data, which can result in data breaches, financial loss, and reputational damage.
Thanks to the pro features of the s4e.io platform, users can easily and quickly learn about vulnerabilities in their digital assets. The platform offers comprehensive vulnerability assessment and management services that can help users identify and eliminate vulnerabilities in their websites and web applications. With advanced scanning, reporting, and remediation capabilities, users can ensure that their digital assets are secure and protected from cyber threats.
REFERENCES
- http://packetstormsecurity.com/files/154723/Anchor-CMS-0.12.3a-Information-Disclosure.html
- http://www.andmp.com/2018/02/advisory-assigned-CVE-2018-7251-in-anchorcms.html
- https://github.com/anchorcms/anchor-cms/issues/1247
- https://github.com/anchorcms/anchor-cms/releases/tag/0.12.7
- https://twitter.com/finnwea/status/965279233030393856