CVE-2014-10005

Name of the Vulnerable Software and Affected Versions Maian Uploader version 4.0

Description The issue allows remote attackers to obtain sensitive information. This is achieved by sending a request without the height parameter to the "load flv.js.php" endpoint, which in turn reveals the installation path in an error message.

Recommendations For Maian Uploader version 4.0, consider modifying the load flv.js.php script to handle requests without the height parameter securely, preventing the disclosure of sensitive information. As a temporary workaround, restrict access to the load flv.js.php endpoint to minimize the risk of exploitation.