Generation of Error Message Containing Sensitive Information in microweber/microweber
Feb 13th 2022
Sensitive information is disclosed in the error message returned when viewing comments via "load_module:comments#search=".
Proof of Concept
- Login to https://demo.microweber.org
- Visit https://demo.microweber.org/demo/admin/view:modules/load_module:comments#search=
- Enter anything in the search= parameter; the application returns a 500 internal error that contains sensitive information
This vulnerability can leak sensitive data from the system where the website is hosted.