Unauthenticated Export of All Pads in Etherpad 1.5.x and 1.6.x

Unauthenticated Export of All Pads in Etherpad 1.5.x and 1.6.x

CVE-2018-9325 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Etherpad 1.5.x and 1.6.x before 1.6.4 allows an attacker to export all the existing pads of an instance without knowledge of pad names.

Learn more about our Web Application Penetration Testing UK.