Lucene search

[email protected]CVE-2010-4611

HistoryDec 29, 2010 - 10:33 p.m.

CVE-2010-4611

2010-12-2922:33:32

CWE-200

[email protected]

web.nvd.nist.gov

cve-2010-4611

html-edit cms

information security

remote attackers

sensitive information

installation path disclosure

nvd

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.0%

JSON

Html-edit CMS 3.1.8 allows remote attackers to obtain sensitive information via a direct request to (1) pages.php and (2) menu.php in includes/core_files and (3) extensions/login/frontend/pages/antihacker.php, which reveals the installation path in an error message.

Affected configurations

NVD

Node

html-edithtml-edit_cmsMatch3.1.8

CPENameOperatorVersion
html-edit:html-edit_cmshtml-edit html-edit cmseq3.1.8

CPE	Name	Operator	Version
html-edit:html-edit_cms	html-edit html-edit cms	eq	3.1.8

References

www.exploit-db.com/exploits/15800

www.htbridge.ch/advisory/path_disclosure_in_html_edit_cms.html

exchange.xforce.ibmcloud.com/vulnerabilities/64437

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.3 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.0%

JSON

Related for CVE-2010-4611

cvelist1 prion1 nvd1 htbridge1