MEDIUM🇵🇱 Wersja polska

CVE-2025-49618

CVSS 5.8v3.1pub. 2025-07-03upd. 2026-04-15

In Plesk Obsidian 18.0.69, unauthenticated requests to /login_up.php can reveal an AWS accessKeyId, secretAccessKey, region, and endpoint.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References