PT-2007-1339 · Scriptsez.Net · Scriptsez.Net E-Dating System
Luny
·
Publicado
2007-02-24
·
Atualizado
2008-09-05
·
CVE-2006-7060
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Scriptsez.net E-Dating System (affected versions not specified)
Description
The issue allows remote attackers to obtain the full path of the system via an invalid
id parameter in a "dologin" action. This is achieved by exploiting the cindex.php file, which leaks the path in an error message when an invalid id is provided.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Scriptsez.Net E-Dating System