CVE-2015-7902

Mango Automation <2.6.0-430 - Info Disclosure

Title source: llm

Description

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests.

Exploits (1)

exploitdb WORKING POC

webappsjsp

https://www.exploit-db.com/exploits/38338

View Code ZIP pw:eip

References (1)

[Patch, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02

Scores

EPSS 0.1235

EPSS Percentile 93.9%

Details

CWE

CWE-200

Status published

Products (3)

infinite_automation_systems/mango_automation 2.5.0

infinite_automation_systems/mango_automation 2.5.5

infinite_automation_systems/mango_automation 2.6.0

Published Oct 28, 2015

Tracked Since Feb 18, 2026