header-logo
Suggest Exploit
vendor:
Amiro.CMS
by:
Vladimir Vorontsov
5.5
CVSS
MEDIUM
Disclosure of ways
N/A
CWE
Product Name: Amiro.CMS
Affected Version From: Amiro CMS <= 5.4.0.0
Affected Version To: Amiro CMS <= 5.4.0.0
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Amiro.CMS root folder disclosure

A vulnerability exists due to improper handling-line user name to log into the administrative console. When you enter your user name%%%, attacker can gain information on the full path when you install applications, as well as some of the names of internal variables. In consequence of the fact that the function quits, the administrator does not know of the compromise of the system through the module, 'History of logins.'

Mitigation:

N/A
Source

Exploit-DB raw data:

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

[ONSEC-09-005] Amiro.CMS root folder disclosure 
Objective: Amiro CMS <= 5.4.0.0 
Type: Disclosure of ways 
Threat: Medium 
Date Discovered: 01.07.2009 
Date of notification Developer: 01.07.2009 
Released fixes: 06.10.2009 
Author: Vladimir Vorontsov 
OnSec Russian Security Group (onsec [dot] ru) 
Description: A vulnerability exists due to improper handling-line user name
to log into the administrative console. When you enter your user name%%%
attacker can gain information on the full path when you install
applications, as well as some of the names of internal variables. In
consequence of the fact that the function quits, the administrator does not
know of the compromise of the system through the module, "History of
logins. 

Implementation: 

In the administrative console login prompt, enter the user name: 

%%% 

and will realize the login attempt

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
References: (on Russian)
http://onsec.ru/vuln?id=11
http://onsec.ru/vuln?id=12

Navigation

Suggest Exploit

Services By CQR