Описание
The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable.
The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-0385
- http://archives.neohapsis.com/archives/fulldisclosure/2007-01/0355.html
- http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/?root=postnuke
- http://noc.postnuke.com/plugins/scmsvn/viewcvs.php/trunk/Historic/PostNuke7x/html/modules/FAQ/index.php?root=postnuke&r1=20350&r2=20911
- http://osvdb.org/35472
- http://www.hackers.ir/advisories/festival.txt
EPSS
Процентиль: 65%
0.005
Низкий
CVE ID
Связанные уязвимости
nvd
около 19 лет назад
The faq section in PostNuke 0.764 allows remote attackers to obtain sensitive information (the full path) via "unvalidated output" in FAQ/index.php, possibly involving an undefined id_cat variable.
EPSS
Процентиль: 65%
0.005
Низкий