Описание
class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation path in an error message.
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:fascript:faname:1.0:*:*:*:*:*:*:*
EPSS
Процентиль: 51%
0.00276
Низкий
5.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-200
CWE-200
Связанные уязвимости
CVSS3: 5.3
github
почти 4 года назад
class/page.php in Farsi Script (aka FaScript) FaName 1.0 allows remote attackers to obtain sensitive information via a '; (quote semicolon) sequence in the id parameter, which reveals the installation path in an error message.
EPSS
Процентиль: 51%
0.00276
Низкий
5.3 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
CWE-200
CWE-200