Summary
This host is running Tribiq CMS, which is prone to an information disclosure vulnerability.
Impact
Successful exploitation will allow remote attackers to gain knowledge of the web root directory and other potentially sensitive information.
Impact Level: Application
Solution
Upgrade to Tribiq CMS version 5.2.7c or later. For updates, refer to http://sourceforge.net/projects/tribiq
Insight
The error exists because the application reveals the full path to the installation directory in an error message.
Affected
Tribiq CMS version 5.2.7b and probably prior.
Detection
Send a crafted HTTP GET request and check whether it is possible to read the full path to the installation directory.
References
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2011-2727
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N