Vulnerability CVE-2011-2727
Published: 2014-12-29   Modified: 2014-12-30

Description:
The (1) templatewrap/templatefoot.php, (2) cmsjs/plugin.js.php, and (3) cmsincludes/cms_plugin_api_link.inc.php scripts in Tribal Tribiq CMS before 5.2.7c allow remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message.

CVSS2 => (AV:N/AC:M/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4.3/10
2.9/10
8.6/10
Exploit range
Attack complexity
Authentication
Remote
Medium
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Tribiq -> Tribiq cms 
Tribal -> Tribiq cms 

 References:
https://www.htbridge.com/advisory/HTB22857
Copyright 2024, cxsecurity.com

 

Back to Top