Jupiter CMS Sensitive Information Disclosure Vulnerability

Vulnerability ID: 1193470    Vulnerability type: Input validation
Published: 2006-09-19    Updated: 2006-09-28
CVE ID: CVE-2006-4873    CNNVD-ID: CNNVD-200609-313
Affected platform: N/A    CVSS score: 5.0
|Source
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200609-313
|Vulnerability details
Jupiter CMS allows remote attackers to obtain sensitive information via a direct request for (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules/forum-admin.php, (18) modules/events.php, (19) modules/emoticons.php, (20) modules/download.php, (21) modules/blocks.php, (22) modules/ban.php, (23) modules/badwords.php, (24) modules/ads.php, or (25) modules/admin.php, which reveals the installation path in various error messages.
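
To audit your own installation for the disclosure described above, the following added example (not part of the original advisory or of Jupiter CMS) parses saved response bodies for PHP's standard error layout and reports the installation directory each one exposes. The sample bodies, the `db_query` function name and the `/var/www/jupiter` path are constructed for illustration.

```python
import html
import re

# PHP's standard error layout: "<Level>: <message> in <file> on line <n>".
PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated):\s+"
    r"(?P<msg>.*?)\s+in\s+(?P<file>(?:/|[A-Za-z]:[\\/])\S+?)"
    r"\s+on line\s+(?P<line>\d+)",
    re.S,
)

# Constructed response bodies (not captured from a real site).
SAMPLE_LEAK = (
    "<br />\n<b>Fatal error</b>:  Call to undefined function db_query() in "
    "<b>/var/www/jupiter/modules/poll.php</b> on line <b>14</b><br />"
)
SAMPLE_CLEAN = "<html><body>Access denied.</body></html>"


def find_path_disclosures(body):
    """Return (level, absolute_file, line) for each PHP error in a body."""
    # Remove the <b>/<br /> markup PHP adds when html_errors is enabled.
    text = html.unescape(re.sub(r"<[^>]+>", "", body))
    return [(m["level"], m["file"], int(m["line"]))
            for m in PHP_ERROR.finditer(text)]


def leaked_install_root(abs_file, rel_path):
    """Install directory exposed when abs_file ends with the requested path."""
    norm = abs_file.replace("\\", "/")
    if norm.endswith("/" + rel_path):
        return norm[: -len(rel_path) - 1]
    return None


def audit(responses):
    """Map each requested relative path to the install root its body leaks."""
    report = {}
    for rel_path, body in responses.items():
        roots = {leaked_install_root(f, rel_path)
                 for _, f, _ in find_path_disclosures(body)}
        report[rel_path] = sorted(r for r in roots if r)
    return report


if __name__ == "__main__":
    print(audit({"modules/poll.php": SAMPLE_LEAK,
                 "modules/admin.php": SAMPLE_CLEAN}))
```

An empty list for every requested file is the expected result once PHP's `display_errors` setting is off in production.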
|References

Source: BID
Name: 20048
Link: http://www.securityfocus.com/bid/20048
Source: BUGTRAQ
Name: 20060915 Jupiter CMS Multiple injections
Link: http://www.securityfocus.com/archive/1/archive/1/446064/100/0/threaded
Source: SREASON
Name: 1608
Link: http://securityreason.com/securityalert/1608