multiple vulnerabilities on your mautic server

Disclosed: 2019-07-10 14:24:33 By bbc6dfb7d3878289f2f98d4 To unikrn
Medium
Vulnerability Details
Hi @unikrn! I found some vulnerabilities in your CRM server:

1. Bypass of Cloudflare Access: You use Cloudflare Access on https://crm.unikrn.com. But this link bypassed Cloudflare Access: ████████/login

This vulnerability generates the disclosure of important data:

PHP info page: ██████████phpinfo - an attacker can find out the server configuration and also find out the server path
Symfony request log: █████empty/search/results?limit=10 - list of all requests, IP addresses and so on.
Symfony debug log: ██████████6099a6?panel=logger
Symfony config: █████6099a6?panel=config

## Impact

crm.unicrn.com multiple vulnerabilities on your mautic server
Report Stats
  • Report ID: 592885
  • State: Closed
  • Substate: resolved
  • Upvotes: 7
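
A defender-side check for the exposure described in the report, added here as an example and not part of the original report: it scans web server access logs for successful (2xx) responses to the debug URLs whose visible suffixes appear above. The log format (Combined Log Format), the function name `find_debug_exposure`, and the `/PREFIX` placeholder standing in for the redacted path are assumptions.

```python
import re
from collections import defaultdict

# URL fragments taken only from the unredacted parts of the report.
DEBUG_PATTERNS = {
    "PHP info page": re.compile(r"/phpinfo(?:$|[/?])"),
    "Symfony request log": re.compile(r"/empty/search/results(?:$|\?)"),
    "Symfony debug log or config panel": re.compile(r"[?&]panel=(?:logger|config)(?:$|&)"),
}

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)


def find_debug_exposure(lines):
    """Return {finding: sorted [(client_ip, target)]} for debug URLs served with 2xx."""
    hits = defaultdict(set)
    for line in lines:
        m = LOG_LINE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # unparsable, or denied/redirected: nothing was disclosed
        for name, pattern in DEBUG_PATTERNS.items():
            if pattern.search(m["target"]):
                hits[name].add((m["ip"], m["target"]))
    return {name: sorted(found) for name, found in hits.items()}


# Constructed sample log lines; /PREFIX is a placeholder for the redacted path.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jul/2019:14:00:01 +0000] "GET /PREFIX/phpinfo HTTP/1.1" 200 81234 "-" "curl/7.64"',
    '203.0.113.7 - - [10/Jul/2019:14:00:05 +0000] "GET /PREFIX/empty/search/results?limit=10 HTTP/1.1" 200 9120 "-" "curl/7.64"',
    '203.0.113.7 - - [10/Jul/2019:14:00:09 +0000] "GET /PREFIX/abc123?panel=config HTTP/1.1" 200 4410 "-" "curl/7.64"',
    '198.51.100.4 - - [10/Jul/2019:14:01:00 +0000] "GET /PREFIX/abc123?panel=logger HTTP/1.1" 403 512 "-" "Mozilla/5.0"',
    '198.51.100.4 - - [10/Jul/2019:14:01:02 +0000] "GET /login HTTP/1.1" 200 20480 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding, requests in find_debug_exposure(SAMPLE_LOG).items():
        for ip, target in requests:
            print(f"{finding}: {ip} fetched {target}")
```

Any hit on a production host means the debug tooling is reachable and answering; the 403 line in the sample is ignored because a denied request discloses nothing.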