CVE-2009-3802

2009-10-2716:00:00

mitre

www.cve.org

6.2 Medium

AI Score

Confidence

Low

0.015 Low

EPSS

Percentile

87.1%

JSON

Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensitive information via an invalid loginname (“%%%”) to _admin/index.php, which reveals the installation path and other information in an error message.

References

packetstormsecurity.org/0910-exploits/ONSEC-09-005.txt

secunia.com/advisories/37065

www.onsec.ru/vuln?id=12

www.vupen.com/english/advisories/2009/2967

exchange.xforce.ibmcloud.com/vulnerabilities/53894