Description
index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://gist.github.com/nenf/2f16cd547c2afe166d1cb3f88f18bf81
Scores
CVSS v3
5.3
EPSS
0.0110
EPSS Percentile
61.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
gurock/testrail
5.3.0.3603
Published
Feb 07, 2019
Tracked Since
Feb 18, 2026