ColdFusion Fusebox 4.1.0 allows remote malicious users to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
macromedia coldfusion fusebox 4.1.0 |