exploitDog

CVE-2008-7146

Опубликовано: 01 сент. 2009

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attackers to obtain sensitive information via a direct request to (1) Knowledge_Impact_Course.htm, (2) LRN-formatted_Course.htm, or (3) Create_Course.htm in help/1/Instructor/, which reveals the installation path in an error message.

Ссылки

http://osvdb.org/42991
Exploit
http://osvdb.org/42992
Exploit
http://osvdb.org/42993
Exploit
http://osvdb.org/ref/42/intralearn-21-multiple.txt
Exploit
http://osvdb.org/42991
Exploit
http://osvdb.org/42992
Exploit
http://osvdb.org/42993
Exploit
http://osvdb.org/ref/42/intralearn-21-multiple.txt
Exploit

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:intralearn:intralearn:*:*:*:*:*:*:*:*

Версия до 4.2 (включая)

cpe:2.3:a:intralearn:intralearn:2.1:*:*:*:*:*:*:*

EPSS

Процентиль: 61%

0.00419

Низкий

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

GHSA-h4gc-4488-9p5f

github

больше 3 лет назад

IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attackers to obtain sensitive information via a direct request to (1) Knowledge_Impact_Course.htm, (2) LRN-formatted_Course.htm, or (3) Create_Course.htm in help/1/Instructor/, which reveals the installation path in an error message.

EPSS

Процентиль: 61%

0.00419

Низкий

5 Medium

CVSS2

Дефекты

CWE-200