CVE Vulnerabilities

CVE-2024-0191

Insertion of Sensitive Information into Externally-Accessible File or Directory

Published: Jan 02, 2024 | Modified: May 17, 2024
CVSS 3.x
5.3
MEDIUM
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A vulnerability was found in RRJ Nueva Ecija Engineer Online Portal 1.0. It has been classified as problematic. Affected is an unknown function of the file /admin/uploads/. The manipulation leads to file and directory information exposure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of this vulnerability is VDB-249504.

Weakness

The product places sensitive information into files or directories that are accessible to actors who are allowed to have access to the files, but not to the sensitive information.

Affected Software

Name Vendor Start Version End Version
Rrj_nueva_ecija_engineer_online_portal Nia 1.0 (including) 1.0 (including)

Potential Mitigations

References