VisNetic WebSite 3.5 allows remote malicious users to obtain the full pathname of the server via a request containing a folder that does not exist, which leaks the pathname in an error message, as demonstrated using _vti_bin/fpcount.exe.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
deerfield visnetic website 3.5.13 |
||
deerfield visnetic website 3.5.15 |
||
deerfield visnetic website 3.5.17 |