Exploitation Summary
EIP tracks 1 public exploit for CVE-2020-7959. PoCs published by Joel Aviad Ossi.
AI-analyzed exploit summary This exploit targets LabVantage 8.3 to disclose database names and versions by parsing HTML responses from vulnerable endpoints. It includes functionality to check for vulnerability and enumerate database names via crafted requests.
Description
LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database exception message if the database does not exist.
Exploits (1)
This exploit targets LabVantage 8.3 to disclose database names and versions by parsing HTML responses from vulnerable endpoints. It includes functionality to check for vulnerability and enumerate database names via crafted requests.
References (2)
Scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N