CitySoft Community Enterprise 4.x allows remote malicious users to obtain the full path of the server via an invalid (1) fuseaction parameter to index.cfm and (2) documentid parameter to document/docWindow.cfm.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
citysoft community enterprise 4.x |