CVE-2015-7900

Infinite Automation Mango Automation <2.6.0-430 - Info Disclosure

Title source: llm

Description

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page.

Exploits (1)

exploitdb WORKING POC

webappsjsp

https://www.exploit-db.com/exploits/38338

View on exploitdb

References (1)

[Patch, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02

Scores

EPSS 0.0986

EPSS Percentile 92.9%

Classification

CWE

CWE-200

Status draft

Affected Products (3)

infinite_automation_systems/mango_automation

Timeline

Published Oct 28, 2015

Tracked Since Feb 18, 2026