CVE-2014-8874 – TYPO3 Extension ke_questionnaire 2.5.2 Information Disclosure
https://notcve.org/view.php?id=CVE-2014-8874
The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a direct request. La extensión ke_questionnaire 2.5.2 y anteriores para TYPO3 utiliza nombres previsibles para los formularios de respuestas del cuestionario, lo que facilita a atacantes remotos obtener información sensible a través de una solicitud directa. The TYPO3 extension ke_questionnaire stores answered questionnaires in a publicly reachable directory on the webserver with filenames that are easily guessable. Version 2.5.2 is affected. • http://seclists.org/fulldisclosure/2014/Dec/1 http://www.securityfocus.com/archive/1/534126/100/0/threaded https://www.redteam-pentesting.de/advisories/rt-sa-2014-009 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •