vendor:
Redaxscript
by:
High-Tech Bridge SA - Ethical Hacking & Penetration Testing
3.3
CVSS
LOW
Path disclosure
CWE
Product Name: Redaxscript
Affected Version From: 2000.3.2
Affected Version To:
Patch Exists: YES
Related CWE:
CPE: redaxscript
Platforms Tested:
2011
Path Disclosure in Redaxscript
The vulnerability exists due to failure in the "/templates/default/index.php" script, it's possible to generate an error that will reveal the full path of the script. A remote user can determine the full path to the web root directory and other potentially sensitive information.
Mitigation:
Upgrade to the most recent version