CVE-2005-0310

Name of the Vulnerable Software and Affected Versions Exponent version 0.95

Description The issue allows remote attackers to obtain sensitive information via a direct HTTP request to specific API endpoints, including "search.info.php", "permissions.info.php", "security.info.php", "formcontrol.php", or "file modules.php". These endpoints reveal the path in an error message because the pathos core version variable is undefined.

Recommendations For Exponent version 0.95, consider restricting access to the vulnerable API endpoints "search.info.php", "permissions.info.php", "security.info.php", "formcontrol.php", and "file modules.php" to minimize the risk of exploitation. Additionally, defining the pathos core version variable could prevent the error message from revealing sensitive path information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.