Lucene search

K
htbridgeHigh-Tech BridgeHTB22708
HistoryNov 16, 2010 - 12:00 a.m.

Installation Path Disclosure Weakness in Enano CMS

2010-11-1600:00:00
High-Tech Bridge
www.htbridge.com
26

0.011 Low

EPSS

Percentile

84.7%

High-Tech Bridge SA Security Research Lab has discovered a weakness in Enano CMS which could be exploited to gain access to potentially sensitive information.

  1. Installation path disclosure weakness in Enano CMS: CVE-2010-4781
    The weakness exists due to application reveals the full path to installation directory in an error message. A remote attacker can directly access the “/index.php” script and gain knowledge of the web root directory and other potentially sensitive information. Successful exploitation requires that php_display_errors variable is on.
    Exploitation examples:

http://[host]/index.php?title=Special:Captcha/1
http://[host]/index.php?tit le[]=1

CPENameOperatorVersion
enano cmsle1.1.7pl1

0.011 Low

EPSS

Percentile

84.7%

Related for HTB22708