header-logo
Suggest Exploit
vendor:
Ciamos
by:
SecurityFocus
7.5
CVSS
HIGH
File Disclosure
200
CWE
Product Name: Ciamos
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2005

Ciamos File Disclosure Vulnerability

Ciamos is reported prone to a file disclosure vulnerability. The full scope of this vulnerability is not currently known, however, it is demonstrated that this issue may be leveraged to disclose the source of PHP files contained in a Ciamos installation. A remote attacker may exploit this vulnerability to reveal files that contain potentially sensitive information. Information that is harvested in this manner may then be used to aid in further attacks against the software and the computer that is hosting the software.

Mitigation:

Ensure that the web server is configured to deny access to sensitive files and directories.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/12854/info

Ciamos is reported prone to a file disclosure vulnerability. The full scope of this vulnerability is not currently known, however, it is demonstrated that this issue may be leveraged to disclose the source of PHP files contained in a Ciamos installation.

A remote attacker may exploit this vulnerability to reveal files that contain potentially sensitive information. Information that is harvested in this manner may then be used to aid in further attacks against the software and the computer that is hosting the software.

http://www.example.com/ciamosinstalation/class/debug/highlight.php?file=ciamosinstallationpath\mainfile.php&line=151#151

Navigation

Suggest Exploit

Services By CQR