header-logo
Suggest Exploit
vendor:
eStore
by:
SecurityFocus
3.3
CVSS
MEDIUM
Path Disclosure
200
CWE
Product Name: eStore
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

eStore Path Disclosure Vulnerability

It has been reported that a remote attacker may make a direct HTTP request for an eStore include script and in doing so trigger an error. The resulting error message will disclose potentially sensitive installation path information to the remote attacker.

Mitigation:

Ensure that the web server is configured to not disclose the installation path information.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8220/info

eStore is prone to a path disclosure vulnerability.

It has been reported that a remote attacker may make a direct HTTP request for an eStore include script and in doing so trigger an error. The resulting error message will disclose potentially sensitive installation path information to the remote attacker.

http://www.example.com/admin/settings.inc.php

Navigation

Suggest Exploit

Services By CQR