CVE-2019-7535
UnknownEPSS 1.10%
Last modified
CVE-2019-7535 is a vulnerability of currently unknown severity. index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology.. EPSS estimates a 1.10% chance of exploitation in the next 30 days.
Description
index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Gurock | Testrail | 5.3.0.3603 |
References
- https://gist.github.com/nenf/2f16cd547c2afe166d1cb3f88f18bf81Third Party Advisory
- https://gist.github.com/nenf/2f16cd547c2afe166d1cb3f88f18bf81Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2019-7535?
index.php in Gurock TestRail 5.3.0.3603 returns potentially sensitive information for an invalid request, as demonstrated by full path disclosure and the identification of PHP as the backend technology.
How severe is CVE-2019-7535?
Severity scoring for CVE-2019-7535 is pending analysis. The EPSS model estimates a 1.10% probability of exploitation in the next 30 days.
How do I fix CVE-2019-7535?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2019-7535?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST