CVE-2006-3003

2006-06-1301:00:00

mitre

www.cve.org

6.1 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.0%

JSON

details.php in Easy Ad-Manager allows remote attackers to obtain the full installation path via an invalid mbid parameter, which leaks the path in an error message. NOTE: this might be resultant from another vulnerability, since this vector also produces cross-site scripting (XSS). NOTE: on 20060829, the vendor notified CVE that this issue has been fixed.

References

secunia.com/advisories/20539

securityreason.com/securityalert/1079

www.securityfocus.com/archive/1/436413

exchange.xforce.ibmcloud.com/vulnerabilities/27110