Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote malicious users to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
runcms runcms 1.1a |
||
e-xoops e-xoops 1.05_rev3 |
||
ciamos ciamos 0.9.2_rc1 |