Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
htbridgeHigh-Tech BridgeHTB22708
HistoryNov 16, 2010 - 12:00 a.m.

Installation Path Disclosure Weakness in Enano CMS

2010-11-1600:00:00
High-Tech Bridge
www.htbridge.com
26

EPSS

0.011

Percentile

84.7%

JSON

High-Tech Bridge SA Security Research Lab has discovered a weakness in Enano CMS which could be exploited to gain access to potentially sensitive information.

  1. Installation path disclosure weakness in Enano CMS: CVE-2010-4781
    The weakness exists due to application reveals the full path to installation directory in an error message. A remote attacker can directly access the “/index.php” script and gain knowledge of the web root directory and other potentially sensitive information. Successful exploitation requires that php_display_errors variable is on.
    Exploitation examples:

http://[host]/index.php?title=Special:Captcha/1
http://[host]/index.php?tit le[]=1

Related

cve 1
prion 1
nvd 1
cvelist 1
cve
cve
CVE-2010-4781
2011-04-07 14:23:53
prion
prion
Design/Logic Flaw
2011-04-07 14:23:00
nvd
nvd
CVE-2010-4781
2011-04-07 14:23:53
cvelist
cvelist
CVE-2010-4781
2011-04-07 14:00:00

EPSS

0.011

Percentile

84.7%

JSON
Related for HTB22708
cve1prion1nvd1cvelist1