How severe is CVE-2022-26159?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2022-26159?

This is classified as CWE-425, which is a common weakness in software security.

CVE-2022-26159 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

The auto-completion plugin in Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/<domain>/en.xml (and similar pathnames for other languages), which contain all characters typed by all users, including the content of private pages. For example, a private page may contain usernames, e-mail addresses, and possibly passwords.

Related Vulnerabilities

CVE-2004-2257

MEDIUM

CVSS:5.3(Medium)

phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to upload or delete images without authorization via a direct request.

CWE-4252004

CVE-2005-1688

MEDIUM

CVSS:5.3(Medium)

Wordpress 1.5 and earlier allows remote attackers to obtain sensitive information via a direct request to files in (1) wp-content/themes/, (2) wp-includes/, or (3) wp-admin/, which reveal the path in ...

CWE-4252005

CVE-2016-1000111

MEDIUM

CVSS:5.3(Medium)

Twisted before 16.3.1 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect CGI applications from the presence of untrusted client data in the HTTP_PRO...

CWE-4252016

CVE-2017-2139

MEDIUM

CVSS:5.3(Medium)

CS-Cart Japanese Edition v4.3.10 and earlier (excluding v2 and v3), CS-Cart Multivendor Japanese Edition v4.3.10 and earlier (excluding v2 and v3) allows remote attackers to bypass access restriction ...

CWE-4252017

CVE-2017-2143

MEDIUM

CVSS:5.3(Medium)

CS-Cart Japanese Edition v4.3.10-jp-1 and earlier, CS-Cart Multivendor Japanese Edition v4.3.10-jp-1 and earlier allows remote attackers to bypass access restriction to create a request to return a cu...

CWE-4252017

CVE-2019-13981

MEDIUM

CVSS:5.3(Medium)

In Directus 7 API through 2.3.0, remote attackers can read image files via a direct request for a filename under the uploads/_/originals/ directory. This is related to a configuration option in which ...

CWE-4252019