Pligg CMS version 1.1.3 suffers from a path disclosure vulnerability.
6b984ea8f5f5ae5f4016ca41219b784091c63f58ec6723c026db2e3fc3167876Vulnerability ID: HTB22787
Reference: http://www.htbridge.ch/advisory/path_disclousure_in_pligg_cms.html
Product: Pligg CMS
Vendor: Pligg ( http://www.pligg.com/ )
Vulnerable Version: 1.1.3
Vendor Notification: 11 January 2011
Vulnerability Type: Path disclosure
Status: Awaiting Vendor Response
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details:
The vulnerability exists due to failure in the "/modules/captcha/captcha_settings.php" script, it's possible to generate an error that will reveal the full path of the script.
A remote user can determine the full path to the web root directory and other potentially sensitive information.
http://[host]/modules/captcha/captcha_settings.php
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed