CVE-2012-0263

op5 Monitor/Appliance <5.5.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.

References (6)

Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/78067
Various Sources x_refsource_confirm
https://bugs.op5.com/view.php?id=5094
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/47344
Mailing List mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2012/Jan/62

Scores

EPSS 0.0194
EPSS Percentile 77.7%

Details

CWE
CWE-200
Status published
Products (4)
op5/monitor 5.3.5
op5/monitor 5.4.0
op5/monitor 5.4.2
op5/monitor < 5.5.0
Published Dec 31, 2013
Tracked Since Feb 18, 2026