Vendor: eZ Publish
By: SecurityFocus
CVSS: 8.8 HIGH
Sensitive Information Disclosure
CWE: 200
Product Name: eZ Publish
Affected Version From: eZ Publish 2.2
Affected Version To: eZ Publish 2.2.3
Patch Exists: YES
Related CWE: CVE-2003-0252
CPE: a:ez_systems:ez_publish
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Linux, Windows, Mac OS X
2003

eZ Publish Sensitive Information Disclosure Vulnerability

eZ Publish is prone to a sensitive information disclosure vulnerability. An attacker can make a request for and download the underlying site.ini configuration file, which contains eZ Publish administration credentials stored in plaintext format.

Mitigation:

To mitigate this vulnerability, administrators should ensure that the site.ini file is not accessible from the web server.

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7347/info

eZ Publish has been reported prone to a sensitive information disclosure vulnerability.

An attacker may make a request for and download the underlying site.ini configuration file. The file contains eZ Publish administration credentials stored in plaintext format. Any HTTP requests for this file will reveal the contents of this file to remote attackers. 

http://[target]/settings/site.ini
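
A log check a defender could run to see whether site.ini has already been served to a client, as an added example that is not part of the original advisory. It assumes Apache-style common/combined access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from posixpath import normpath
from urllib.parse import unquote

# Path named in the advisory; compared case-insensitively because the listed
# platforms include Windows and Mac OS X, whose default filesystems ignore case.
SENSITIVE_PATH = "/settings/site.ini"

# Common/combined log format: host ident user [time] "METHOD target PROTO" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')

def normalize(target):
    """Drop query/fragment, percent-decode once, collapse ./ ../ and // segments."""
    path = unquote(target.split("?", 1)[0].split("#", 1)[0]).replace("\\", "/")
    return normpath("/" + path.lstrip("/")).lower()

def classify(line):
    """Return (client, time, verdict) for a request that targets site.ini, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    client, when, _method, target, status, _size = m.groups()
    if normalize(target) != SENSITIVE_PATH:
        return None
    # 2xx means a body was served (206 covers range requests): treat as exposure.
    verdict = "DISCLOSED" if status.startswith("2") else "blocked"
    return client, when, verdict

def scan(lines):
    """Classify every line and keep only the requests for the sensitive file."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [12/Apr/2003:10:01:02 +0000] "GET /index.php HTTP/1.0" 200 5120
198.51.100.7 - - [12/Apr/2003:10:04:44 +0000] "GET /settings/site.ini HTTP/1.0" 200 8211
198.51.100.7 - - [12/Apr/2003:10:05:10 +0000] "GET /settings/%73ite.ini?x=1 HTTP/1.0" 200 8211
203.0.113.5 - - [12/Apr/2003:11:20:00 +0000] "GET /Settings/./SITE.INI HTTP/1.1" 403 289
203.0.113.5 - - [12/Apr/2003:11:21:00 +0000] "GET /settings/site.ini.bak HTTP/1.1" 404 289
""".splitlines()

if __name__ == "__main__":
    for client, when, verdict in scan(SAMPLE_LOG):
        print(f"{when} {client} {verdict}")
```

Any DISCLOSED hit means the credentials in site.ini should be treated as exposed and rotated; once the mitigation is in place, new requests for the file should show up only as blocked.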