cvedb.io
CVE-2022-27055
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2022-04-19T17:15:11.497 · Last modified 2026-06-17T04:36:19.720

Summary

ecjia-daojia 1.38.1-20210202629 is vulnerable to information leakage via content/apps/installer/classes/Helper.php. When the web program is installed, a new environment file is created, and the database information is recorded, including the database record password. NOTE: the vendor disputes this because the environment file is in the data directory, which is not intended for access by website visitors (only the statics directory can be accessed by website visitors)

Affected products

ecjia — daojia

Does this affect you?

Add your gear to cvedb and we'll alert you only when ecjia ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.