Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-7154

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2008-7154
Last Modified 03 Sep 2009 12:00:00
Published 02 Sep 2009 01:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2008-7154

Summary

Docebo 3.5.0.3 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) class/class.conf_fw.php, (2) class.module/class.event_manager.php, (3) lib/lib.domxml5.php, or (4) menu/menu_over.php in doceboCore/; or (5) class/class.conf_cms.php, (6) lib/lib.compose.php, (7) modules/chat/teleskill.php, or (8) class/class.admin_menu_cms.php in doceboCms/; which reveals the installation path in an error message.

Vulnerable Systems

Application

  • Docebo 3.0.3

  • Docebo 3.0.4

  • Docebo 3.0.5

  • Docebo 3.5 Beta

  • Docebo 3.5.0.3


References

MISC - http://www.docebo.org/doceboCms/bugtracker/18_124/bugdetails/appid_24-bugid_198/bugtracker.html

BID - 27211

MILW0RM - 4879


Last Updated: 27 May 2016 10:49:29