CVE-2018-7251

high-risk
Published 2018-02-19

An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred.

Do I need to act?

!
90.9% chance of exploitation in next 30 days
EPSS score — higher than 9% of all CVEs
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
47459
+
Fix available
Upgrade to: 08e8e507909ee55b588674563b8ea21646ed9425
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Anchorcms

References (10)

http://packetstormsecurity.com/files/154723/Anchor-CMS-0.12.3a-Information-Discl...
Third Party Advisory http://www.andmp.com/2018/02/advisory-assigned-CVE-2018-7251-in-anchorcms.html
Issue Tracking https://github.com/anchorcms/anchor-cms/issues/1247
https://github.com/anchorcms/anchor-cms/releases/tag/0.12.7
https://twitter.com/finnwea/status/965279233030393856
http://packetstormsecurity.com/files/154723/Anchor-CMS-0.12.3a-Information-Discl...
Third Party Advisory http://www.andmp.com/2018/02/advisory-assigned-CVE-2018-7251-in-anchorcms.html
Issue Tracking https://github.com/anchorcms/anchor-cms/issues/1247
https://github.com/anchorcms/anchor-cms/releases/tag/0.12.7
https://twitter.com/finnwea/status/965279233030393856
57
/ 100
high-risk
Severity 32/34 · Critical
Exploitability 20/34 · Moderate
Exposure 5/34 · Minimal