Exposure of Sensitive Client Data and SQL Injection Exploitation via Predictable Log File Names in Webgalamb
CVE-2018-19513 · MEDIUM Severity
AV:N/AC:L/AU:N/C:P/I:N/A:N
In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors.
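A local audit for the exposure described above, added here as an example and not taken from Webgalamb or from the advisory: it walks a web root on disk, finds logs matching the advisory's file-name pattern, and counts the distinct email-like strings in each so the scope of exposed client data can be assessed. The function names, the loose email regex and the sample log lines are assumptions constructed for illustration.

```python
import re
import tempfile
from datetime import datetime
from pathlib import Path

# Directory and file-name pattern as given in the advisory text.
LOG_SUBDIR = Path("files/logs/sql_error_log")
NAME_RE = re.compile(r"^(\d{4}-\d{2}-\d{2})-sql_error_log\.log$")
# Loose matcher (assumption): good enough for counting exposure, not for validation.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample content, not real Webgalamb log output.
SAMPLE = {
    "2018-11-20-sql_error_log.log": "err near 'x' for alice@example.com\n"
                                    "err near 'y' for Alice@example.com\n"
                                    "err near 'z' for bob@example.org\n",
    "2018-11-21-sql_error_log.log": "syntax error, no address logged\n",
    "2018-13-40-sql_error_log.log": "carol@example.net\n",  # impossible date
    "notes.txt": "dave@example.net\n",                      # not a log name
}

def audit_webroot(webroot):
    """Return one finding per predictable-name SQL error log under webroot."""
    findings = []
    log_dir = Path(webroot) / LOG_SUBDIR
    if not log_dir.is_dir():
        return findings
    for path in sorted(log_dir.iterdir()):
        m = NAME_RE.match(path.name)
        if not m or not path.is_file():
            continue
        try:
            datetime.strptime(m.group(1), "%Y-%m-%d")  # skip invalid dates
        except ValueError:
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        emails = {e.lower() for e in EMAIL_RE.findall(text)}
        findings.append({"file": path.relative_to(webroot).as_posix(),
                         "date": m.group(1),
                         "distinct_emails": len(emails)})
    return findings

def build_sample_webroot(root):
    """Create the constructed sample tree under root and return root."""
    log_dir = Path(root) / LOG_SUBDIR
    log_dir.mkdir(parents=True)
    for name, body in SAMPLE.items():
        (log_dir / name).write_text(body, encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for finding in audit_webroot(build_sample_webroot(tmp)):
            print(finding)
```

Any file it reports sits at a path that the advisory describes as reachable from the internet, so each finding is a candidate for removal or relocation outside the web root.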