PT-2010-5477 · Dynpg · Dynpg Cms
Published
2010-12-04
·
Updated
2021-03-25
·
CVE-2010-4401
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
DynPG CMS version 4.2.0
Description
The issue allows remote attackers to obtain sensitive information via a direct request to languages.inc.php, which reveals the installation path in an error message.
Recommendations
For DynPG CMS version 4.2.0, consider restricting access to the languages.inc.php file until a patch is available. As a temporary workaround, modify the error handling mechanism to prevent the disclosure of sensitive information, such as the installation path.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dynpg Cms