Full Path Disclosure and PHP Backend Identification Vulnerability in Gurock TestRail 5.3.0.3603

Full Path Disclosure and PHP Backend Identification Vulnerability in Gurock TestRail 5.3.0.3603

CVE-2019-7535 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology.

Learn more about our Web Application Penetration Testing UK.