eStore 1.0.1/1.0.2 - 'Settings.inc.php' Full Path Disclosure
| EKU-ID: 28391 | CVE: CVE-2003-0586;OSVDB-11456 | OSVDB-ID: |
| Author: Bosen | Published: 2003-07-17 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 28391 | CVE: CVE-2003-0586;OSVDB-11456 | OSVDB-ID: |
| Author: Bosen | Published: 2003-07-17 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/8220/info eStore is prone to a path disclosure vulnerability. It has been reported that a remote attacker may make a direct HTTP request for an eStore include script and in doing so trigger an error. The resulting error message will disclose potentially sensitive installation path information to the remote attacker. http://www.example.com/admin/settings.inc.php