CVE-2018-13789

HIGH

Descor Infocad FM <3.1.0.0 - Info Disclosure

Title source: llm

Description

An issue was discovered in Descor Infocad FM before 3.1.0.0. An unauthenticated web service allows the retrieval of files on the web server and on reachable SMB servers.

References (1)

[Third Party Advisory] https://www.quantumleap.it/infocad-facility-management-cve-2018-13789-unauthenticated-webservice-allows-retrieval-arbitrary-files/

Scores

CVSS v3 7.5

EPSS 0.0031

EPSS Percentile 53.8%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-522 CWE-287 CWE-294

Status published

Products (1)

descor/infocad_fm < 3.1.0.0

Published Oct 10, 2018

Tracked Since Feb 18, 2026