Published: 07/04/2011 Updated: 22/09/2011

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

index.php in Enano CMS 1.1.7pl1, and possibly other versions prior to 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote malicious users to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
enanocms enano cms 1.1.4
enanocms enano cms 1.1.3
enanocms enano cms 0.8.2
enanocms enano cms 0.8.3
enanocms enano cms 1.0.2
enanocms enano cms 1.0.2b1
enanocms enano cms
enanocms enano cms 1.1.7
enanocms enano cms 1.0.6
enanocms enano cms 0.9.2
enanocms enano cms 0.9.3
enanocms enano cms 1.0.5
enanocms enano cms 1.1.6
enanocms enano cms 1.1.5
enanocms enano cms 0.8.1
enanocms enano cms 1.0
enanocms enano cms 1.0.1
enanocms enano cms 1.1.2
enanocms enano cms 1.1.1
enanocms enano cms 0.8.4
enanocms enano cms 0.9.1
enanocms enano cms 1.0.3
enanocms enano cms 1.0.4

Vulnerability ID: HTB22709 Reference: wwwhtbridgech/advisory/sql_injection_in_enano_cmshtml Product: Enano CMS Vendor: enanocmsorg ( enanocmsorg/ ) Vulnerable Version: 117pl1 Vendor Notification: 16 November 2010 Vulnerability Type: SQL Injection Status: Fixed by Vendor Risk level: High Credit: High-Tech Bridge SA - Ethical ...

CWE-200 http://www.exploit-db.com/exploits/15645 http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released http://www.securityfocus.com/bid/45120 http://www.htbridge.ch/advisory/path_disclosure_in_enano_cms.html http://securityreason.com/securityalert/8183 https://nvd.nist.gov https://www.exploit-db.com/exploits/15645/

CVE-2010-4781

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect