DBHcms suffers from a path disclosure vulnerability.
e10dd294c75e3592f6f977c9288a459034ea7ee0d39c7da3d59044fd7fac64f5Vulnerability ID: HTB22796
Reference: http://www.htbridge.ch/advisory/path_disclousure_in_dbhcms.html
Product: DBHcms
Vendor: Kai-Sven Bunk ( http://www.drbenhur.com/ )
Vulnerable Version:
Vendor Notification: 13 January 2011
Vulnerability Type: Path disclosure
Status: Awaiting Vendor Response
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details:
The vulnerability exists due to failure in the "/dbhcms/ext/news/ext.news.settings.php" script, it's possible to generate an error that will reveal the full path of the script.
A remote user can determine the full path to the web root directory and other potentially sensitive information.
http://host/dbhcms/ext/news/ext.news.settings.php
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed