PaperThin CommonSpot Content Server 4.5 and previous versions allow remote malicious users to obtain sensitive information via an invalid errmsg parameter to loader.cfm with a url parameter set to email-login-info.cfm, which leaks the full pathname in the resulting error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
paperthin commonspot content server 3.2 |
||
paperthin commonspot content server 4.0 |
||
paperthin commonspot content server |
||
paperthin commonspot content server 2.5 |
||
paperthin commonspot content server 3.0 |