Path Disclosure Vulnerability in CONTENS 3.0 and Earlier via search.cfm Parameters

CVE-2005-4389 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

search.cfm in CONTENS 3.0 and earlier allows remote attackers to obtain the full server path via invalid (1) submit.y, (2) bool, (3) itemsperpage, (4) submit, (5) submit.x, (6) criteria, (7) advanced, and (8) intern parameters.
