上海商创网络科技有限公司

2 exploits Active since Apr 2022
CVE-2022-27055 WRITEUP HIGH WRITEUP
ecjia-daojia 1.38.1-20210202629 - Information Leakage via Installer Helper
ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, and the database information is recorded, including the database record password. NOTE: the vendor disputes this because the environment file is in the data directory, which is not intended for access by website visitors (only the statics directory can be accessed by website visitors)
CVSS 7.5
CVE-2022-27055 WRITEUP HIGH WRITEUP
ecjia-daojia 1.38.1-20210202629 - Information Leakage via Installer Helper
ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, and the database information is recorded, including the database record password. NOTE: the vendor disputes this because the environment file is in the data directory, which is not intended for access by website visitors (only the statics directory can be accessed by website visitors)
CVSS 7.5