CVE-2019-1010308

Description

Aquaverde GmbH Aquarius CMS prior to version 4.1.1 is affected by: Incorrect Access Control. The impact is: The access to the log file is not restricted. It contains sensitive information like passwords etc. The component is: log file. The attack vector is: open the file.

Affected products

• Aquaverde GmbH / Aquarius CMSprior to version 4.1.1 – prior to version 4.1.1

References

• MISChttps://github.com/aquaverde/aquarius-core
• PATCHhttps://github.com/aquaverde/aquarius-core/commit/e1af89aa9df07ea265d879518ede9eb98aa494e0