Tribiq CMS Direct Request Information Disclosure Vulnerability Network Vulnerability

Summary

This host is installed with Tribiq CMS and is prone to information disclosure vulnerability

Impact

Successful exploitation will allow remote attackers to gain knowledge of the web root directory and other potentially sensitive information. Impact Level: Application

Solution

Upgrade to Tribiq CMS version 5.2.7c or later. For updates refer http://sourceforge.net/projects/tribiq

Insight

The error exists as application reveals the full path to installation directory in an error message.

Affected

Tribiq CMS version 5.2.7b and probably prior.

Detection

Send a crafted HTTP GET request and check whether it is possible to read full path to installation directory

References

http://osvdb.org/72025
https://www.htbridge.com/advisory/HTB22857

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2727

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Andromeda Streaming MP3 Server Cross Site Scripting Vulnerability
Abtp Portal Project 'ABTPV_BLOQUE_CENT' Parameter Local and Remote File Include Vulnerabilities
/cgi-bin directory browsable ?
A Really Simple Chat Multiple XSS Vulnerabilities
Adobe ColdFusion Multiple Vulnerabilities-03 May-2014

Take action and discover your vulnerabilities