SIK-2017-053


Title:

PHPinfo publicly accessible on greenalp.com via RealTime GPS Tracker Website

Report ID

SIK-2017-053

Summary:

  • Vendor: Greenalp
  • Product: greenalp.com (website)
  • Affected Version: last accessed 2017-08-16
  • Severity: Low
  • Short summary: PHPinfo is publicly accessible and enables an adversary to view version info of PHP, PHP packages and the OS.

Details:

Visit the following URL to view the phpinfo output:

https://www.greenalp.com/test.php

Workaround

None

Suggested Mitigation

Prevent public access to this information.
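
One way to act on this mitigation is to audit your own web root for scripts that still call phpinfo(). The script below is an added example, not part of the original advisory or the vendor's code; the function names, suffix list and sample strings are assumptions constructed for illustration, and the scan is a heuristic whose hits need manual review.

```python
import re
import sys
from pathlib import Path

# Spans that cannot hold a live call: inline HTML, comments, string literals.
# Heuristic: heredocs and dynamic calls (call_user_func('phpinfo')) are not covered.
_SKIP = re.compile(r"""
      \A.*?(?:<\?(?:php|=)?|\Z)        # inline HTML before the first open tag
    | \?>.*?(?:<\?(?:php|=)?|\Z)       # inline HTML between ?> and the next open tag
    | /\*.*?(?:\*/|\Z)                 # block comment
    | (?://|\#)(?:(?!\?>)[^\n])*       # line comment, ends at newline or ?>
    | '(?:\\.|[^'\\])*'                # single-quoted string
    | "(?:\\.|[^"\\])*"                # double-quoted string
    """, re.S | re.X)
# A plain function call; $x->phpinfo(), X::phpinfo() and my_phpinfo() are excluded.
_CALL = re.compile(r"(?<![\w$>:])phpinfo\s*\(", re.I)
PHP_SUFFIXES = {".php", ".phtml", ".inc"}  # assumed list, extend for your server

# Constructed samples, not taken from the affected site.
SAMPLE_EXPOSED = "<?php\n// diagnostics\nphpinfo();\n"
SAMPLE_CLEAN = ("<p>phpinfo() docs</p>\n<?php\n# phpinfo();\n"
                "echo 'phpinfo() is off'; /* phpinfo() */ $a->phpinfo();\n")

def _blank(match):
    # Keep newlines so reported line numbers still match the file.
    return re.sub(r"[^\n]", " ", match.group())

def phpinfo_call_lines(source):
    """Return the 1-based line numbers of live phpinfo() calls in PHP source."""
    code = _SKIP.sub(_blank, source)
    return [code.count("\n", 0, m.start()) + 1 for m in _CALL.finditer(code)]

def audit_webroot(webroot):
    """Return (relative path, line) for every phpinfo() call under webroot."""
    hits = []
    for path in sorted(Path(webroot).rglob("*")):
        if path.is_file() and path.suffix.lower() in PHP_SUFFIXES:
            text = path.read_text(encoding="utf-8", errors="replace")
            rel = str(path.relative_to(webroot))
            hits += [(rel, n) for n in phpinfo_call_lines(text)]
    return hits

if __name__ == "__main__":
    for rel, line in audit_webroot(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{rel}:{line}: phpinfo() call inside the web root")
```

Pass the document root as the first argument; the output is one `file:line` entry per call found.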

Timeline

  • 2017-08-26: Vulnerability discovered
  • 2017-08-29: First email sent to support
  • 2017-08-30: Advisory sent to developer
  • 2017-08-31: Fixed by developer
  • 2018-08-11: Published