CVE-2007-3290

2007-06-2021:00:00

mitre

www.cve.org

6.6 Medium

AI Score

Confidence

Low

0.016 Low

EPSS

Percentile

87.3%

JSON

categoria.php in LiveCMS 3.4 and earlier allows remote attackers to obtain sensitive information via a ’ (quote) character in the cid parameter, which reveals the path in a forced SQL error message.

References

osvdb.org/37490

secunia.com/advisories/25744

www.securityfocus.com/bid/24580

exchange.xforce.ibmcloud.com/vulnerabilities/35147

www.exploit-db.com/exploits/4082