Vulnerability Details CVE-2014-8874
The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 51.3%
CVSS Severity
CVSS v2 Score 5.0
References
- http://seclists.org/fulldisclosure/2014/Dec/1
- http://www.securityfocus.com/archive/1/534126/100/0/threaded
- https://www.redteam-pentesting.de/advisories/rt-sa-2014-009
- http://seclists.org/fulldisclosure/2014/Dec/1
- http://www.securityfocus.com/archive/1/534126/100/0/threaded
- https://www.redteam-pentesting.de/advisories/rt-sa-2014-009
Products affected by CVE-2014-8874
-
cpe:2.3:a:kennziffer:ke_questionnaire:*