header-logo
Suggest Exploit
vendor:
News Wizard
by:
SecurityFocus
3,3
CVSS
MEDIUM
Path Disclosure
200
CWE
Product Name: News Wizard
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

News Wizard Path Disclosure Vulnerability

News Wizard is vulnerable to path disclosure vulnerability. An attacker can send a request for an invalid web resource to the server and the server will respond with an error page which will disclose the path information. This information can be used to further attack the system.

Mitigation:

The best way to mitigate this vulnerability is to ensure that the error messages do not contain any sensitive information.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8389/info

News Wizard will disclose path information in an error page in response to a request for an invalid request for a web resource. This could disclose information that could be useful in further attacks against the system.

http://www.example.com/path/nw/article.php?id='

Navigation

Suggest Exploit

Services By CQR