CVE-2009-2332

Name of the Vulnerable Software and Affected Versions CMS Chainuk versions 1.2 and earlier

Description The issue allows remote attackers to obtain sensitive information. This can be achieved via a crafted id parameter to "index.php" or by using a nonexistent folder name in the id parameter to "admin/admin delete.php", which reveals the installation path in an error message.

Recommendations For CMS Chainuk versions 1.2 and earlier, consider restricting access to the "index.php" and "admin/admin delete.php" endpoints until a fix is available. As a temporary workaround, avoid using the id parameter in these endpoints to minimize the risk of exploitation.