SIK-2017-053
Title:
PHPinfo publicly accessible on greenalp.com via RealTime GPS Tracker Website
Report ID
SIK-2017-053
Summary:
- Vendor: Greenalp
- Product: greenalp.com (website)
- Affected Version: last accessed 2017-08-16
- Severity: Low
- Short summary: PHPinfo is publicly accessible and enables an adversary to view version info of PHP, PHP packages and the OS.
Details:
Visit
https://www.greenalp.com/test.php
To view the phpinfo.
Workaround
None
Suggested Mitigation
Disallow anybody to view this information.
Timeline
- 2017-08-26: Vulnerability discovered
- 2017-08-29: First email sent to support
- 2017-08-30: Advisory sent to developer
- 2017-08-31: Fixed by developer
- 2018-08-11: Published