Lucene search

MitreCVE-2010-4781

HistoryApr 07, 2011 - 2:23 p.m.

CVE-2010-4781

2011-04-0714:23:53

CWE-200

mitre

web.nvd.nist.gov

enano cms

cve-2010-4781

information security

remote attackers

sensitive information

nvd

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.008

Percentile

82.0%

JSON

index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message.

Affected configurations

Nvd

Node

enanocmsenano_cmsRange≤1.1.7pl2

enanocmsenano_cmsMatch0.8.1

enanocmsenano_cmsMatch0.8.2

enanocmsenano_cmsMatch0.8.3

enanocmsenano_cmsMatch0.8.4

enanocmsenano_cmsMatch0.9.1

enanocmsenano_cmsMatch0.9.2

enanocmsenano_cmsMatch0.9.3

enanocmsenano_cmsMatch1.0

enanocmsenano_cmsMatch1.0.1

enanocmsenano_cmsMatch1.0.2

enanocmsenano_cmsMatch1.0.2b1

enanocmsenano_cmsMatch1.0.3

enanocmsenano_cmsMatch1.0.4

enanocmsenano_cmsMatch1.0.5

enanocmsenano_cmsMatch1.0.6

enanocmsenano_cmsMatch1.0.6pl1

enanocmsenano_cmsMatch1.0.6pl2

enanocmsenano_cmsMatch1.0.6pl3

enanocmsenano_cmsMatch1.1.1

enanocmsenano_cmsMatch1.1.2

enanocmsenano_cmsMatch1.1.3

enanocmsenano_cmsMatch1.1.4

enanocmsenano_cmsMatch1.1.5

enanocmsenano_cmsMatch1.1.6

enanocmsenano_cmsMatch1.1.7

enanocmsenano_cmsMatch1.1.7pl1

VendorProductVersionCPE
enanocmsenano_cms*cpe:2.3:a:enanocms:enano_cms:*:pl2:*:*:*:*:*:*
enanocmsenano_cms0.8.1cpe:2.3:a:enanocms:enano_cms:0.8.1:*:*:*:*:*:*:*
enanocmsenano_cms0.8.2cpe:2.3:a:enanocms:enano_cms:0.8.2:*:*:*:*:*:*:*
enanocmsenano_cms0.8.3cpe:2.3:a:enanocms:enano_cms:0.8.3:*:*:*:*:*:*:*
enanocmsenano_cms0.8.4cpe:2.3:a:enanocms:enano_cms:0.8.4:*:*:*:*:*:*:*
enanocmsenano_cms0.9.1cpe:2.3:a:enanocms:enano_cms:0.9.1:*:*:*:*:*:*:*
enanocmsenano_cms0.9.2cpe:2.3:a:enanocms:enano_cms:0.9.2:*:*:*:*:*:*:*
enanocmsenano_cms0.9.3cpe:2.3:a:enanocms:enano_cms:0.9.3:*:*:*:*:*:*:*
enanocmsenano_cms1.0cpe:2.3:a:enanocms:enano_cms:1.0:*:*:*:*:*:*:*
enanocmsenano_cms1.0.1cpe:2.3:a:enanocms:enano_cms:1.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
enanocms	enano_cms	*	cpe:2.3:a:enanocms:enano_cms::pl2::::::*
enanocms	enano_cms	0.8.1	cpe:2.3:a:enanocms:enano_cms:0.8.1:::::::*
enanocms	enano_cms	0.8.2	cpe:2.3:a:enanocms:enano_cms:0.8.2:::::::*
enanocms	enano_cms	0.8.3	cpe:2.3:a:enanocms:enano_cms:0.8.3:::::::*
enanocms	enano_cms	0.8.4	cpe:2.3:a:enanocms:enano_cms:0.8.4:::::::*
enanocms	enano_cms	0.9.1	cpe:2.3:a:enanocms:enano_cms:0.9.1:::::::*
enanocms	enano_cms	0.9.2	cpe:2.3:a:enanocms:enano_cms:0.9.2:::::::*
enanocms	enano_cms	0.9.3	cpe:2.3:a:enanocms:enano_cms:0.9.3:::::::*
enanocms	enano_cms	1.0	cpe:2.3:a:enanocms:enano_cms:1.0:::::::*
enanocms	enano_cms	1.0.1	cpe:2.3:a:enanocms:enano_cms:1.0.1:::::::*

Rows per page:

1-10 of 271

References

enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released

packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt

securityreason.com/securityalert/8183

www.exploit-db.com/exploits/15645

www.htbridge.ch/advisory/path_disclosure_in_enano_cms.html

www.securityfocus.com/bid/45120

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.3

Confidence

Low

EPSS

0.008

Percentile

82.0%

JSON

Related for CVE-2010-4781