PT-2006-4278 · Vincent Leclercq · Vincent Leclercq News
Publicado
2006-07-06
·
Atualizado
2018-10-18
·
CVE-2006-3386
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Vincent Leclercq News version 5.2
Description
The issue allows remote attackers to obtain sensitive information, such as the installation path, by providing invalid values to the
mail[] parameter in the "index.php" endpoint.Recommendations
For Vincent Leclercq News version 5.2, avoid using the
mail[] parameter with invalid values in the "index.php" endpoint until a fix is available. As a temporary workaround, consider restricting access to the "index.php" endpoint to minimize the risk of exploitation.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Vincent Leclercq News