CVE-2009-3802

Name of the Vulnerable Software and Affected Versions Amiro.CMS versions 5.4.0.0 and earlier

Description The issue allows remote attackers to obtain sensitive information by providing an invalid loginname ("%%%") to the " admin/index.php" API endpoint, resulting in an error message that reveals the installation path and other information.

Recommendations For Amiro.CMS versions 5.4.0.0 and earlier, consider restricting access to the " admin/index.php" endpoint until a fix is available, and avoid using invalid loginname values to prevent information disclosure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.