CMS Chainuk 1.2 and previous versions allows remote malicious users to obtain sensitive information via (1) a crafted id parameter to index.php or (2) a nonexistent folder name in the id parameter to admin/admin_delete.php, which reveals the installation path in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
cms.tut.su cms chainuk |