Submeter #753966: Foswiki 2.1.10 and before Information Disclosureinformação

TítuloFoswiki 2.1.10 and before Information Disclosure
DescriçãoAffected components: oops, changes and preview service endpoints Attack vector(s): To exploit the vulnerablility a specific HTTP url must be crafted. No local user account is required. Suggested description of the vulnerability for use in the CVE: An anonymous user can craft an HTTP url to the oops, changes or preview endpoint and disclose protected information. For example https://mysite.com/bin/oops/Web/SecretTopicWithFormData?template=view will disclose any data stored a the given page. Discoverer(s)/Credits: Jan Seebens (Deutsche Telekom Technik GmbH), Michael Daum (Michael Daum Consulting)
Fonte⚠️ https://foswiki.org/Tasks/Item15600
Utilizador
 Michael Daum (UID 95314)
Submissão07/02/2026 11h41 (há 3 meses)
Moderação20/02/2026 15h07 (13 days later)
EstadoAceite
Entrada VulDB347101 [Foswiki até 2.1.10 Changes/Viewfile/Oops Divulgação de Informação]
Pontos20

VoltarVisão GeralPróximo

Want to stay up to date on a daily basis?

Enable the mail alert feature now!