PT-2007-3588 · Exponent · Exponent Cms
Publicado
2007-04-25
·
Atualizado
2017-07-29
·
CVE-2007-2253
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Exponent CMS versions 0.96.6 Alpha and earlier
Description
The issue allows remote attackers to obtain path information via a direct request for certain files, including "sdk/blanks/formcontrol.php" and "sdk/blanks/file modules.php".
Recommendations
For Exponent CMS versions 0.96.6 Alpha and earlier, as a temporary workaround, consider restricting access to the "sdk/blanks/formcontrol.php" and "sdk/blanks/file modules.php" files until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Information Disclosure
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Exponent Cms