CVE-2012-3838

2012-07-0322:00:00

mitre

www.cve.org

gekko

remote path disclosure

security vulnerability

AI Score

6.6

Confidence

Low

EPSS

0.003

Percentile

71.9%

JSON

Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2) templates/html5demo/index.php.

References

www.babygekko.com/site/news/general/baby-gekko-v1-2-0-released-with-3rd-party-independent-security-testing-performed-by-zero-science-lab.html

www.exploit-db.com/exploits/18827

www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5086.php