CVE-2020-24925
HIGHElkarBackup 1.3.3 - Sensitive Information Exposure via Error Message
Title source: llmDescription
A Sensitive Source Code Path Disclosure vulnerability is found in ElkarBackup v1.3.3. An attacker is able to view the path of the source code jobs/sort where entire source code path is displayed in the browser itself helping the attacker identify the code structure /app/elkarbackup/src/Binovo/ElkarBackupBundle/Controller/DefaultController.php
References (2)
Core 2
Core References
Product x_refsource_misc
https://www.elkarbackup.org/
Exploit, Third Party Advisory x_refsource_misc
https://vyshnavvizz.blogspot.com/2020/09/sensitive-information-disclosure-source.html
Scores
CVSS v3
7.5
EPSS
0.0096
EPSS Percentile
56.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-209
Status
published
Products (1)
elkarbackup/elkarbackup
1.3.3
Published
Sep 15, 2020
Tracked Since
Feb 18, 2026