CVE-2025-52671
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-11-20
Last updated on: 2025-12-02
Assigner: HackerOne
Description
Description
Debug information disclosure in the SQL error message to in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| revive-adserver | revive_adserver | 6.0.0 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a debug information disclosure issue in Revive Adserver versions 5.5.2, 6.0.1, and earlier. It causes SQL error messages to reveal details about the software, PHP, and database versions to non-admin users.
How can this vulnerability impact me? :
The vulnerability allows non-admin users to gain information about the software environment, such as software, PHP, and database versions. This information disclosure can aid attackers in crafting targeted attacks or exploiting other vulnerabilities specific to those versions.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70