Gosuncn Technology Group Audio-Visual Integrated Management Platform Information Disclosure Vulnerability
Vulnerability
An information disclosure vulnerability has been identified in Gosuncn Technology Group's Audio-Visual Integrated Management Platform version 4.0. The issue arises from an unknown function in the file '/config/config.properties', within the Configuration File Handler component. This vulnerability allows sensitive information to be exposed remotely, without requiring authentication.
Impact
Exploitation of this vulnerability leads to unauthorized access to sensitive information, potentially impacting the confidentiality of the exposed data.
Reproduction
The vulnerability can be reproduced by accessing the '/config/config.properties' file on the server. This can be done by sending a request to the server's IP address or domain, followed by the '/config/config.properties' path. Several instances of the application have been identified that are vulnerable to this issue.
Remediation
It is recommended to implement firewall rules to block unauthorized access to the vulnerable configuration files.
Vulnerability Rating
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.