Описание
index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message.
index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-4781
- http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released
- http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt
- http://securityreason.com/securityalert/8183
- http://www.exploit-db.com/exploits/15645
- http://www.htbridge.ch/advisory/path_disclosure_in_enano_cms.html
- http://www.securityfocus.com/bid/45120
Связанные уязвимости
nvd
почти 15 лет назад
index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message.