CVE-2014-8938

HIGH

Lexiglot <2014-11-20 - Info Disclosure

Title source: llm

Description

Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line.

References (1)

[Exploit, Third Party Advisory] https://www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html

Scores

CVSS v3 7.8

EPSS 0.0005

EPSS Percentile 16.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-522

Status published

Affected Products (1)

piwigo/lexiglot < 2014-11-20

Timeline

Published Jun 01, 2020

Tracked Since Feb 18, 2026