Vulners
Lucene search
Amiro.CMS <= 5.4.0.0 folder disclosure
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
[ONSEC-09-005] Amiro.CMS root folder disclosure
Objective: Amiro CMS <= 5.4.0.0
Type: Disclosure of ways
Threat: Medium
Date Discovered: 01.07.2009
Date of notification Developer: 01.07.2009
Released fixes: 06.10.2009
Author: Vladimir Vorontsov
OnSec Russian Security Group (onsec [dot] ru)
Description: A vulnerability exists due to improper handling-line user name
to log into the administrative console. When you enter your user name%%%
attacker can gain information on the full path when you install
applications, as well as some of the names of internal variables. In
consequence of the fact that the function quits, the administrator does not
know of the compromise of the system through the module, "History of
logins.
Implementation:
In the administrative console login prompt, enter the user name:
%%%
and will realize the login attempt
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
References: (on Russian)
http://onsec.ru/vuln?id=11
http://onsec.ru/vuln?id=12
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 Oct 2009 00:00Current
7.1High risk
Vulners AI Score7.1