Описание
Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages.
Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-1102
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32702
- http://osvdb.org/33774
- http://osvdb.org/33775
- http://securityreason.com/securityalert/2296
- http://www.securityfocus.com/archive/1/461150/100/0/threaded
- http://www.vupen.com/english/advisories/2007/0752
EPSS
Процентиль: 68%
0.00574
Низкий
CVE ID
Связанные уязвимости
nvd
почти 19 лет назад
Photostand 1.2.0 allows remote attackers to obtain sensitive information via a ' (quote) character in (1) a PHPSESSID cookie or (2) the id parameter in an article action in index.php, which reveal the path in various error messages.
EPSS
Процентиль: 68%
0.00574
Низкий