Описание
Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a "Script Not Found" error message.
Ссылки
- ExploitVendor Advisory
- ExploitPatch
- ExploitVendor Advisory
- ExploitPatch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:talentsoft:web\+_shop:5.3.6:*:*:*:*:*:*:*
EPSS
Процентиль: 71%
0.00674
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a "Script Not Found" error message.
EPSS
Процентиль: 71%
0.00674
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other