CVE-2005-4575

Name of the Vulnerable Software and Affected Versions PaperThin CommonSpot Content Server versions 4.5 and earlier

Description The issue allows remote attackers to obtain sensitive information. This is achieved by providing an invalid errmsg parameter to the "loader.cfm" endpoint with a url parameter set to "email-login-info.cfm", resulting in the leakage of the full pathname in the error message.

Recommendations For versions 4.5 and earlier, consider restricting access to the "loader.cfm" endpoint or avoid using the errmsg parameter until a fix is available. As a temporary workaround, restrict the information disclosed in error messages to minimize the risk of sensitive data leakage.