PT-2012-6196 · Neocrome · Neocrome Seditio

Publicado

2012-11-17

Atualizado

2017-08-29

CVE-2012-5915

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Neocrome Seditio build 161 and earlier

Description The issue allows remote attackers to obtain sensitive information via direct requests to specific files, including "view.php", "plugins/contact/lang/contact.en.lang.php", "system/lang/en/main.lang.php", "system/lang/en/message.lang.php", or "system/core/view/view.inc.php". These requests can reveal the installation path in an error message.

Recommendations For Neocrome Seditio build 161 and earlier, consider restricting direct access to the mentioned files, such as "view.php", "plugins/contact/lang/contact.en.lang.php", "system/lang/en/main.lang.php", "system/lang/en/message.lang.php", and "system/core/view/view.inc.php", to prevent the disclosure of sensitive information.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2012-5915

Produtos afetados

Neocrome Seditio

PT-2012-6196 · Neocrome · Neocrome Seditio

CVE-2012-5915

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 3