AnchorCMS Error Log Exposure

By
Anandhu K A
Published on
10 Jan 2022
Vulnerability

Description

In Anchor 0.12.3, a bug was discovered in config/error.php. If a MySQL error (such as “Too many connections”) occurs, the error log is accessible via an errors.log URI and contains MySQL credentials.

Recommendations

  • Update AnchorCMS to the latest version

Written by
Anandhu K A
Anandhu K A
Lead Engineer
Experience the Beagle Security platform
Unlock one full penetration test and all Advanced plan features free for 10 days