ID
VAR-E-201101-0004
TITLE
Hycus CMS 1.0.3 Path Disclosure
Trust: 0.5
DESCRIPTION
Hycus CMS version 1.0.3 suffers from a path disclosure vulnerability.
Trust: 0.5
AFFECTED PRODUCTS
| vendor: | hycus | model: | cms | scope: | eq | version: | 1.0.3 | Trust: 0.5 |
EXPLOIT
Vulnerability ID: HTB22795
Reference: http://www.htbridge.ch/advisory/path_disclousure_in_hycus_cms.html
Product: Hycus CMS
Vendor: Hycus Web Development Team ( http://www.hycus.com/ )
Vulnerable Version: 1.0.3 and probably prior versions
Vendor Notification: 13 January 2011
Vulnerability Type: Path disclosure
Status: Awaiting Vendor Response
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (http://www.htbridge.ch/)
Vulnerability Details:
The vulnerability exists due to failure in the "/templates/hycus_template/template.php" script, it's possible to generate an error that will reveal the full path of the script.
A remote user can determine the full path to the web root directory and other potentially sensitive information.
http://host/templates/hycus_template/template.php
Trust: 0.5
EXPLOIT HASH
LOCAL | SOURCE | ||||||||
|
|
Trust: 0.5
PRICE
free
Trust: 0.5
TYPE
info disclosure
Trust: 0.5
TAGS
| tag: | exploit | Trust: 0.5 |
| tag: | info disclosure | Trust: 0.5 |
CREDITS
High-Tech Bridge SA
Trust: 0.5
EXTERNAL IDS
| db: | PACKETSTORM | id: | 97950 | Trust: 0.5 |
SOURCES
| db: | PACKETSTORM | id: | 97950 |
LAST UPDATE DATE
2022-07-27T09:12:34.422000+00:00
SOURCES RELEASE DATE
| db: | PACKETSTORM | id: | 97950 | date: | 2011-01-27T10:10:10 |