Vulnerability: CVE-2020-7959

LabVantage LIMS 8.3 does not properly maintain the confidentiality of database names. For example, the web application exposes the database name. An attacker might be able to enumerate database names by providing his own database name in a request, because the response will return an 'Unrecognized Database' exception message if the database does not exist.


https://www.exploit-db.com/exploits/48090
https://github.com/websecnl/LabVantage8.3-Exploit
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7959

