Vulnerability Description
ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, and the database information is recorded, including the database record password. NOTE: the vendor disputes this because the environment file is in the data directory, which is not intended for access by website visitors (only the statics directory can be accessed by website visitors)
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ecjia | Daojia | 1.38.1-20210202629 |
Related Weaknesses (CWE)
References
- https://github.com/ecjia/ecjia-daojia/blob/dfb322387e8d3d50719e44d23d793072616ffExploitThird Party Advisory
- https://github.com/ecjia/ecjia-daojia/blob/dfb322387e8d3d50719e44d23d793072616ffExploitThird Party Advisory
- https://github.com/ecjia/ecjia-daojia/issues/20Third Party Advisory
- https://github.com/ecjia/ecjia-daojia/blob/dfb322387e8d3d50719e44d23d793072616ffExploitThird Party Advisory
- https://github.com/ecjia/ecjia-daojia/blob/dfb322387e8d3d50719e44d23d793072616ffExploitThird Party Advisory
- https://github.com/ecjia/ecjia-daojia/issues/20Third Party Advisory
FAQ
What is CVE-2022-27055?
CVE-2022-27055 is a vulnerability with a CVSS score of 7.5 (HIGH). ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, and the databa...
How severe is CVE-2022-27055?
CVE-2022-27055 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-27055?
Check the references section above for vendor advisories and patch information. Affected products include: Ecjia Daojia.