Home page logo

oss-sec logo oss-sec mailing list archives

Re: CVE-request Tribiq CMS path disclosure HTB22857
From: Josh Bressers <bressers () redhat com>
Date: Fri, 29 Jul 2011 15:59:05 -0400 (EDT)

Please use CVE-2011-2727



----- Original Message -----
Can I get CVE-identifier for this issue? Verified that this is a valid

Best regards,
Henri Salo

----- Forwarded message from advisory () htbridge ch -----

Date: Thu, 3 Mar 2011 12:50:21 +0100 (CET)
From: advisory () htbridge ch
To: bugtraq () securityfocus com
Subject: HTB22857: Path disclosure in Tribiq CMS

Vulnerability ID: HTB22857
Product: Tribiq CMS
Vendor: Tribal Limited ( http://tribiq.com/ )
Vulnerable Version: 5.2.7b and probably prior versions
Vendor Notification: 17 February 2011
Vulnerability Type: Path disclosure
Status: Fixed by Vendor
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing

Vulnerability Details:
The vulnerability exists due to failure in the
"templatewrap/templatefoot.php", "cmsjs/plugin.js.php",
"cmsincludes/cms_plugin_api_link.inc.php" scripts, it's possible to
generate an error that will reveal the full path of the script.
A remote user can determine the full path to the web root directory
and other potentially sensitive information.


Solution: Upgrade to the most recent version

----- End forwarded message -----

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]