Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-2864

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-2864
Last Modified 29 Jan 2009 01:51:30
Published 25 Jun 2008 08:36:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-2864

Summary

eLineStudio Site Composer (ESC) 2.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) trigger.asp or (2) common2.asp in cms/include/, which reveals the database path.

Vulnerable Systems

Application

  • Elinestudio Site Composer 2.5

  • Elinestudio Site Composer 2.6


References

XF - esc-trigger-common-information-disclosure(43192)

BUGTRAQ - 20080619 eLineStudio Site Composer (ESC) <=2.6 Multiple Vulnerabilities

MILW0RM - 5859

MISC - http://www.bugreport.ir/?/45

SREASON - 3957


Last Updated: 27 May 2016 10:48:00