CVE-2020-7959

MEDIUM

LabVantage LIMS 8.3 - Info Disclosure

Title source: llm

Description

LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database exception message if the database does not exist.

Exploits (1)

exploitdb WORKING POC

by Joel Aviad Ossi · pythonwebappsjava

https://www.exploit-db.com/exploits/48090

View Code ZIP pw:eip

References (2)

[Exploit, Third Party Advisory] https://github.com/websecnl/LabVantage8.3-Exploit

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/48090

Scores

CVSS v3 5.3

EPSS 0.0021

EPSS Percentile 43.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE

CWE-203

Status published

Products (1)

labvantage/labvantage 8.3

Published Feb 17, 2020

Tracked Since Feb 18, 2026