9 lines
No EOL
449 B
Text
9 lines
No EOL
449 B
Text
source: https://www.securityfocus.com/bid/6893/info
|
|
|
|
Sage Content Management System contains a path disclosure vulnerability. When a request is made for a module that does not exist, the returned error message contains the full path to the Sage installation directory.
|
|
|
|
Disclosed path information could be used to launch further attacks against the system.
|
|
|
|
http://hostname/?mod=some_thing&op=browse
|
|
|
|
http://hostname/?mod=node&nid=some_thing&op=view |