Search...

ArtGK CMS Path Disclosure

2011-02-15T00:00:00

ID PACKETSTORM:98500
Type packetstorm
Reporter High-Tech Bridge SA
Modified 2011-02-15T00:00:00

Description

                                        
                                            `Vulnerability ID: HTB22832  
Reference: http://www.htbridge.ch/advisory/path_disclosure_in_artgk_cms.html  
Product: ArtGK CMS  
Vendor: ArtGK ( http://artgk-cms.ru/ )   
Vulnerable Version: 2009-08-28 16:00:00 and Probably Prior Versions  
Vendor Notification: 01 February 2011   
Vulnerability Type: Path disclosure  
Risk level: Low   
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)   
  
Vulnerability Details:  
The vulnerability exists due to failure in the "cms/classes/CCore.php", "cms/classes/CDBCXML.php", "cms/classes/CTag.php" scripts, it's possible to generate an error that will reveal the full path of the script.  
A remote user can determine the full path to the web root directory and other potentially sensitive information.  
http://host/cms/classes/CCore.php  
http://host/cms/classes/CDBCXML.php  
http://host/cms/classes/CTag.php  
  
  
  
`

JSON Vulners Source

Initial Source

{"id": "PACKETSTORM:98500", "type": "packetstorm", "bulletinFamily": "exploit", "title": "ArtGK CMS Path Disclosure", "description": "", "published": "2011-02-15T00:00:00", "modified": "2011-02-15T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/98500/ArtGK-CMS-Path-Disclosure.html", "reporter": "High-Tech Bridge SA", "references": [], "cvelist": [], "lastseen": "2016-11-03T10:29:31", "viewCount": 1, "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2016-11-03T10:29:31", "rev": 2}, "dependencies": {"references": [], "modified": "2016-11-03T10:29:31", "rev": 2}, "vulnersScore": -0.1}, "sourceHref": "https://packetstormsecurity.com/files/download/98500/artgkcms-disclose.txt", "sourceData": "`Vulnerability ID: HTB22832 \nReference: http://www.htbridge.ch/advisory/path_disclosure_in_artgk_cms.html \nProduct: ArtGK CMS \nVendor: ArtGK ( http://artgk-cms.ru/ ) \nVulnerable Version: 2009-08-28 16:00:00 and Probably Prior Versions \nVendor Notification: 01 February 2011 \nVulnerability Type: Path disclosure \nRisk level: Low \nCredit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/) \n \nVulnerability Details: \nThe vulnerability exists due to failure in the \"cms/classes/CCore.php\", \"cms/classes/CDBCXML.php\", \"cms/classes/CTag.php\" scripts, it's possible to generate an error that will reveal the full path of the script. \nA remote user can determine the full path to the web root directory and other potentially sensitive information. \nhttp://host/cms/classes/CCore.php \nhttp://host/cms/classes/CDBCXML.php \nhttp://host/cms/classes/CTag.php \n \n \n \n`\n", "immutableFields": []}