CVE-2014-8939

2020-06-0116:25:06

mitre

www.cve.org

AI Score

5.2

Confidence

High

EPSS

0.003

Percentile

66.3%

JSON

Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configuration that produces warning messages.

References

www.justanotherhacker.com/2018/05/jahx181_-_piwigo_lexiglot_multiple_vulnerabilities.html