CVE-2015-7900

Infinite Automation Mango Automation <2.6.0-430 - Info Disclosure

Title source: llm

Description

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 allows remote attackers to obtain sensitive debugging information by entering a crafted URL to trigger an exception, and then visiting a certain status page.

Exploits (1)

exploitdb WORKING POC

webappsjsp

https://www.exploit-db.com/exploits/38338

View Code ZIP pw:eip

References (1)

[Patch, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02

Scores

EPSS 0.1281

EPSS Percentile 94.0%

Details

CWE

CWE-200

Status published

Products (3)

infinite_automation_systems/mango_automation 2.5.0

infinite_automation_systems/mango_automation 2.5.5

infinite_automation_systems/mango_automation 2.6.0

Published Oct 28, 2015

Tracked Since Feb 18, 2026