Paperthin: >> Commonspot Content Server >> 7.0.1 Security Vulnerabilities
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain sensitive information via requests to unspecified URIs, as demonstrated by pathname, SQL server, e-mail address, and IP address information.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-04-15
The default configuration of PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 uses cleartext for storage of credentials in a database, which makes it easier for context-dependent attackers to obtain sensitive information via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-04-15
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 relies on an HTTP session for entering credentials on login pages, which allows remote attackers to obtain sensitive information by sniffing the network.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-04-15
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to obtain potentially sensitive information from a directory listing via unspecified vectors.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-04-15
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predictable name in a request for a file.
CVSS Score
5.0
EPSS Score
0.003
Published
2014-04-15
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context.
CVSS Score
10.0
EPSS Score
0.044
Published
2014-04-15
Page 2