What is CVE-2018-7251?

CVE-2018-7251 is a vulnerability in N/a. Published 2018-02-19.

Is CVE-2018-7251 known to be exploited?

8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2018-7251

An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error (such as "Too many connections") has occurred.

EPSS: 0.906 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/anchorcms/anchor-cms/issues/1247 (x_refsource_MISC)
www.andmp.com/2018/02/advisory-assigned-CVE-2018-7251-in-anchorcms.html (x_refsource_MISC)
twitter.com/finnwea/status/965279233030393856 (x_refsource_MISC)
packetstormsecurity.com/files/154723/Anchor-CMS-0.12.3a-Information-Disclosure… (x_refsource_MISC)
github.com/anchorcms/anchor-cms/releases/tag/0.12.7 (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2018-7251?: CVE-2018-7251 is a vulnerability in N/a. Published 2018-02-19.
Is CVE-2018-7251 known to be exploited?: 8 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.