疑似Oday
Remote attacker can access sensitive data exposed on the URL
# Sensitive Data Exposure (CVE-2024-50961)
## Description
In DonWeb Ferozo Hosting v1.1, a remote attacker can exploit URL parameters to access sensitive data, including database credentials. Attack vectors include network sniffing, server logs, and browser history, potentially exposing organizations to major security breaches and data protection violations. Mitigating with HTTPS and secure logging practices is essential.
### Attack Complexity
- **Low**
### Privileges Required
- **None** (Unauthenticated remote attackers can exploit this vulnerability.)
### User Interaction
- **Not Required**
### Affected Components
- **URL Parameter Handling**: The vulnerability lies in how URL parameters are handled, potentially leaking sensitive data.
### Impact
- **Data Breach**: Exposure of sensitive data such as database credentials.
- **Regulatory Risk**: May lead to legal repercussions for affected organizations.
---
**CVE-2024-50961**
*Reported by [Facundo Fernandez / Security Researcher]*
[4.0K] /data/pocs/a4b8bee47f8767dbf0180b78bd60bf5285b07159
└── [1008] README.md
0 directories, 1 file