CVE-2021-44315

CWE-552 — Files Accessible to External Parties3 documents3 sources

Severity

7.5HIGH

EPSS

0.3%

top 47.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Phpgurukul BUS Pass Management System

Timeline

PublishedDec 16

Latest updateDec 17

Description

In Bus Pass Management System v1.0, Directory Listing/Browsing is enabled on the web server which allows an attacker to view the sensitive files of the application, for example: Any file which contains sensitive information of the user or server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

▶NVDphpgurukul/bus_pass_management_system1.0

🔴Vulnerability Details

GHSA

GHSA-pmgm-pv8c-pw29: In Bus Pass Management System v1↗2021-12-17

▶

CVEList

CVE-2021-44315: In Bus Pass Management System v1↗2021-12-16

▶