CVE-2015-7902

Mango Automation <2.6.0-430 - Info Disclosure

Title source: llm

Description

Infinite Automation Mango Automation 2.5.x and 2.6.x before 2.6.0 build 430 provides different error messages for failed login attempts in unspecified circumstances, which allows remote attackers to obtain sensitive information via a series of requests.

Exploits (1)

exploitdb WORKING POC

webappsjsp

https://www.exploit-db.com/exploits/38338

View on exploitdb

References (1)

[Patch, Third Party Advisory, US Government Resource] https://ics-cert.us-cert.gov/advisories/ICSA-15-300-02

Scores

EPSS 0.0949

EPSS Percentile 92.7%

Classification

CWE

CWE-200

Status draft

Affected Products (3)

infinite_automation_systems/mango_automation

infinite_automation_systems/mango_automation

infinite_automation_systems/mango_automation

Timeline

Published Oct 28, 2015

Tracked Since Feb 18, 2026