Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote malicious users to obtain sensitive information. NOTE: this might be resultant from an absolute path traversal vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
exponent exponent 0.95 |
||
exponent exponent 0.96.3 |
||
exponent exponent 0.94 |
||
exponent exponent 0.96.1 |
||
exponent exponent 0.96.4 |