CVE-2009-1369

Name of the Vulnerable Software and Affected Versions moziloCMS version 1.11

Description The issue allows remote attackers to obtain sensitive information. This can be achieved via several parameters, including the gal[] parameter to "gallery.php", the page[] and cat[] parameters to "index.php", or the file[] parameter to "download.php". These parameters can reveal the installation path in an error message.

Recommendations For moziloCMS version 1.11, consider restricting access to the vulnerable parameters gal[], page[], cat[], and file[] in their respective scripts until a patch is available. As a temporary workaround, avoid using these parameters in the affected API endpoints "gallery.php", "index.php", and "download.php" to minimize the risk of exploitation.