CVE-2019-7535

EUVD-2019-17077
index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
gurocktestrail
5.3.0.3603
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gist.github.com/nenf/2f16cd547c2afe166d1cb3f88f18bf81
https://gist.github.com/nenf/2f16cd547c2afe166d1cb3f88f18bf81