Exposure of Sensitive Client Data and SQL Injection Exploitation via Predictable Log File Names in Webgalamb

CVE-2018-19513 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

In Webgalamb through 7.0, log files are exposed to the internet with predictable files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log filenames. The log file could contain sensitive client data (email addresses) and also facilitates exploitation of SQL injection errors.
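To check whether these files have already been served from your own installation, the following added example (not part of the advisory or of Webgalamb) scans web server access logs for requests matching the filename pattern above. It assumes Combined Log Format; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Filename pattern from the advisory: files/logs/sql_error_log/YYYY-MM-DD-sql_error_log.log
LOG_PATH = re.compile(r"/files/logs/sql_error_log/(\d{4}-\d{2}-\d{2})-sql_error_log\.log(?:\?|$)")
# Assumed Combined Log Format: ip ident user [time] "METHOD path PROTO" status size ...
ACCESS_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\S+)')

# Constructed sample access-log lines (not real traffic; IPs are documentation ranges).
SAMPLE = """\
198.51.100.7 - - [12/Nov/2018:10:01:02 +0000] "GET /files/logs/sql_error_log/2018-11-10-sql_error_log.log HTTP/1.1" 200 5120 "-" "curl/7.61"
198.51.100.7 - - [12/Nov/2018:10:01:03 +0000] "GET /files/logs/sql_error_log/2018-11-11-sql_error_log.log HTTP/1.1" 404 209 "-" "curl/7.61"
198.51.100.7 - - [12/Nov/2018:10:01:04 +0000] "GET /files/logs/sql_error_log/2018-11-12-sql_error_log.log HTTP/1.1" 200 880 "-" "curl/7.61"
203.0.113.20 - - [12/Nov/2018:10:05:00 +0000] "GET /index.php HTTP/1.1" 200 4312 "-" "Mozilla/5.0"
203.0.113.21 - - [12/Nov/2018:10:06:00 +0000] "GET /files/logs/sql_error_log/2018-11-12-sql_error_log.log HTTP/1.1" 403 199 "-" "Mozilla/5.0"
"""

def find_log_requests(lines):
    """Summarise, per client IP, requests for the dated SQL error log files."""
    report = defaultdict(lambda: {"served": set(), "probed": set()})
    for line in lines:
        m = ACCESS_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        ip, _method, path, status, _size = m.groups()
        hit = LOG_PATH.search(path)
        if not hit:
            continue
        entry = report[ip]
        entry["probed"].add(hit.group(1))
        if status.startswith("2"):  # 2xx: the log content left the server
            entry["served"].add(hit.group(1))
    return dict(report)

def exposed_dates(report):
    """Dates whose log file was served to any client; review these for leaked emails."""
    return sorted(set().union(*(e["served"] for e in report.values())))

def enumerators(report, threshold=2):
    """Clients that requested several distinct dates, i.e. walked the naming scheme."""
    return sorted(ip for ip, e in report.items() if len(e["probed"]) >= threshold)

if __name__ == "__main__":
    rep = find_log_requests(SAMPLE.splitlines())
    print("served dates:", exposed_dates(rep))
    print("enumerating clients:", enumerators(rep))
```

A 403 or 404 on every matching request, as in the last sample line, is what the access log should show once the `files/logs/` directory is no longer served.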
