{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2026-30994", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2026-04-15T18:06:38.418Z", "dateReserved": "2026-03-09T00:00:00.000Z", "datePublished": "2026-04-15T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-15T16:45:09.494Z"}, "descriptions": [{"lang": "en", "value": "Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://cve.joaopaulodeoliveira.dev/cve.php/reserved/slah-informatica-sensitive-data-exposure"}, {"url": "https://cve.joaopaulodeoliveira.dev/cve.php/published/CVE-2026-30994"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-284", "lang": "en", "description": "CWE-284 Improper Access Control"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-04-15T18:06:34.710440Z", "id": "CVE-2026-30994", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T18:06:38.418Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-30994", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-15T18:06:34.710440Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-15T18:06:29.463Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://cve.joaopaulodeoliveira.dev/cve.php/reserved/slah-informatica-sensitive-data-exposure"}, {"url": "https://cve.joaopaulodeoliveira.dev/cve.php/published/CVE-2026-30994"}], "descriptions": [{"lang": "en", "value": "Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-04-15T16:45:09.494Z"}}}, "cveMetadata": {"cveId": "CVE-2026-30994", "state": "PUBLISHED", "dateUpdated": "2026-04-15T18:06:38.418Z", "dateReserved": "2026-03-09T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-04-15T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials."}], "id": "CVE-2026-30994", "lastModified": "2026-04-17T15:37:20.857", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-04-15T17:17:04.220", "references": [{"source": "cve@mitre.org", "url": "https://cve.joaopaulodeoliveira.dev/cve.php/published/CVE-2026-30994"}, {"source": "cve@mitre.org", "url": "https://cve.joaopaulodeoliveira.dev/cve.php/reserved/slah-informatica-sensitive-data-exposure"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.5.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "manual", "scores": [{"score": 100.0, "source": "manual"}]}, "original": {"product": "n/a", "source": "cna", "vendor": "n/a"}, "product": "slah_cms", "vendor": "slah_cms"}], "analysis": {"en": {"generated_at": "2026-04-15T22:24:45.155682+00:00", "value": {"mitigation_remediation": ["Apply the latest available patch or upgrade to a version newer than 1.5.0 that removes the unauthenticated access to config.php.", "Configure the web server to deny HTTP access to the config.php file or move it outside the document root so it cannot be served to clients.", "Ensure file permissions of config.php so that only system users, not the web server process, can read it."], "summary": {"action": "Immediate Patch", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "Slah version 1.5.0 and all earlier releases are affected. No additional product or version information is available from the CNA.", "description_and_impact": "The vulnerability is an incorrect access control in the config.php component of Slah. Because the file is accessible without authentication, an attacker can retrieve its contents, which contain sensitive data, including active session credentials. This flaw corresponds to improper access control (CWE\u2011284) and results in information exposure (CWE\u2011200). The exposure can compromise confidentiality and potentially allow further attacks if session data is grabbed.", "risk_and_exploitability": "The CVE has a CVSS score of 7.5, does not report an EPSS score, and is not listed in the CISA KEV catalog, indicating no public exploitation data is known. Based on the description, it is inferred that an attacker can trigger the flaw by directly requesting the /config.php URL over HTTP, which would return the plaintext configuration file. Exploitability is low to moderate because it requires network access to the web server and no authentication is needed, but the impact is critical due to the sensitive data exposed."}}}}, "created": "2026-04-15T22:30:16.077796+00:00", "title": "Unauthenticated Access to Config File Exposes Session Credentials in Slah v1.5.0 and Earlier", "updated": "2026-04-16T09:12:53.779568+00:00", "vendors": ["slah_cms", "slah_cms$PRODUCT$slah_cms"], "weaknesses": ["CWE-284"]}