Description
monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are triggered by (1) a malformed hoststatustypes parameter to status/service/all or (2) a crafted request to config.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/78067
Various Sources x_refsource_confirm
https://bugs.op5.com/view.php?id=5094
Various Sources x_refsource_confirm
http://www.op5.com/news/support-news/fixed-vulnerabilities-op5-monitor-op5-appliance/
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47344
Mailing List mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2012/Jan/62
Exploit x_refsource_misc
http://www.ekelow.se/file_uploads/Advisories/ekelow-aid-2012-01.pdf
Scores
EPSS
0.0194
EPSS Percentile
77.7%
Details
CWE
CWE-200
Status
published
Products (4)
op5/monitor
5.3.5
op5/monitor
5.4.0
op5/monitor
5.4.2
op5/monitor
< 5.5.0
Published
Dec 31, 2013
Tracked Since
Feb 18, 2026