Description
selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an error page.
References (1)
Core 1
Core References
Various Sources x_refsource_misc
http://www.reactionpenetrationtesting.co.uk/helpbox-creds-error-page.html
Scores
EPSS
0.0119
EPSS Percentile
64.1%
Details
CWE
CWE-200
Status
published
Products (1)
layton_technology/helpbox
4.4.0
Published
Dec 12, 2012
Tracked Since
Feb 18, 2026