CVE-2008-2864

Name of the Vulnerable Software and Affected Versions eLineStudio Site Composer (ESC) versions 2.6 and earlier

Description The issue allows remote attackers to obtain sensitive information by making a direct request to specific API endpoints, including "trigger.asp" or "common2.asp" in the "cms/include/" directory, which reveals the database path.

Recommendations For versions 2.6 and earlier, consider restricting access to the "trigger.asp" and "common2.asp" files in the "cms/include/" directory until a fix is available. As a temporary workaround, limit direct requests to these endpoints to minimize the risk of sensitive information disclosure.