CVE-2011-0435

Domain Technologie Control (DTC) before 0.32.9 does not require authentication for (1) admin/bw_per_month.php and (2) client/bw_per_month.php, which allows remote attackers to obtain potentially sensitive bandwidth information via a direct request.
Severity
UNKNOWN
AV:N/AC:L/Au:N/C:P/I:N/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 80%
VendorProductVersion
gplhostdomain_technologie_control
𝑥
≤ 0.32.8
gplhostdomain_technologie_control
0.24.6
gplhostdomain_technologie_control
0.25.1
gplhostdomain_technologie_control
0.25.2
gplhostdomain_technologie_control
0.25.3
gplhostdomain_technologie_control
0.26.7
gplhostdomain_technologie_control
0.26.8
gplhostdomain_technologie_control
0.26.9
gplhostdomain_technologie_control
0.27.3
gplhostdomain_technologie_control
0.28.2
gplhostdomain_technologie_control
0.28.3
gplhostdomain_technologie_control
0.28.4
gplhostdomain_technologie_control
0.28.6
gplhostdomain_technologie_control
0.28.9
gplhostdomain_technologie_control
0.28.10
gplhostdomain_technologie_control
0.29.1
gplhostdomain_technologie_control
0.29.6
gplhostdomain_technologie_control
0.29.8
gplhostdomain_technologie_control
0.29.10
gplhostdomain_technologie_control
0.29.14
gplhostdomain_technologie_control
0.29.15
gplhostdomain_technologie_control
0.29.16
gplhostdomain_technologie_control
0.29.17
gplhostdomain_technologie_control
0.30.6
gplhostdomain_technologie_control
0.30.8
gplhostdomain_technologie_control
0.30.10
gplhostdomain_technologie_control
0.30.18
gplhostdomain_technologie_control
0.30.20
gplhostdomain_technologie_control
0.32.1
gplhostdomain_technologie_control
0.32.2
gplhostdomain_technologie_control
0.32.3
gplhostdomain_technologie_control
0.32.4
gplhostdomain_technologie_control
0.32.5
gplhostdomain_technologie_control
0.32.6
gplhostdomain_technologie_control
0.32.7
𝑥
= Vulnerable software versions