EZ Publish 2.2.7/3.0 - Multiple Full Path Disclosure Vulnerabilities
| EKU-ID: 27971 | CVE: OSVDB-6561 | OSVDB-ID: |
| Author: gregory Le Bras | Published: 2003-04-15 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 27971 | CVE: OSVDB-6561 | OSVDB-ID: |
| Author: gregory Le Bras | Published: 2003-04-15 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/7349/info Several path disclosure vulnerabilities have been reported for eZ Publish. An attacker can exploit this vulnerability by making a HTTP request for any of the affected pages. This may result in a condition where path information is returned to the attacker. http://[target]/kernel/class/delete.php http://[target]/kernel/classes/ezrole.php