header-logo
Suggest Exploit
vendor:
Stellar Docs
by:
SecurityFocus
3.3
CVSS
MEDIUM
Path Disclosure
200
CWE
Product Name: Stellar Docs
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2002

Stellar Docs Path Disclosure Vulnerability

Stellar Docs will disclose path information in an error page in response to a request for an invalid request for a web resource. This could disclose information that could be useful in further attacks against the system. It should be noted the error output indicates that a database function has failed, which may be due to a more serious issue, such as SQL injection.

Mitigation:

Ensure that the web server is configured to not disclose path information in error messages.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8385/info

Stellar Docs will disclose path information in an error page in response to a request for an invalid request for a web resource. This could disclose information that could be useful in further attacks against the system. It should be noted the error output indicates that a database function has failed, which may be due to a more serious issue, such as SQL injection.

http://www.example.com/pathofstellardocs/data/fetch.php?page='

Navigation

Suggest Exploit

Services By CQR