CVE-2025-52023
BaseFortify
Publication date: 2026-01-23
Last updated on: 2026-02-11
Assigner: MITRE
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aptsys | gemscms_backend | to 2025-05-28 (inc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-209 | The product generates an error message that includes sensitive information about its environment, users, or associated data. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the PHP backend of gemscms.aptsys.com.sg and allows unauthenticated remote attackers to cause the system to generate detailed error messages. These error messages disclose internal file paths, code snippets, and stack traces when specially crafted HTTP GET or POST requests are sent to public API endpoints. This exposure of internal information can aid attackers in further exploiting the system.
How can this vulnerability impact me? :
The vulnerability can impact you by exposing sensitive internal information such as file paths, code snippets, and stack traces to unauthenticated attackers. This information disclosure can facilitate further attacks, potentially leading to unauthorized access, data breaches, or other security compromises.