Описание
myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:mywebland:mybloggie:2.1.6:*:*:*:*:*:*:*
EPSS
Процентиль: 50%
0.00271
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
CWE-200
Связанные уязвимости
CVSS3: 5.3
github
почти 4 года назад
myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.
EPSS
Процентиль: 50%
0.00271
Низкий
5.3 Medium
CVSS3
5 Medium
CVSS2
Дефекты
CWE-200
CWE-200