Home

Description

Incorrect access control in the config.php component of Slah v1.5.0 and below allows unauthenticated attackers to access sensitive information, including active session credentials.

PUBLISHED Reserved 2026-03-09 | Published 2026-04-15 | Updated 2026-04-15 | Assigner mitre

References

cve.joaopaulodeoliveira.dev/...atica-sensitive-data-exposure

cve.joaopaulodeoliveira.dev/cve.php/published/CVE-2026-30994

cve.org (CVE-2026-30994)

nvd.nist.gov (CVE-2026-30994)

Download JSON