Vulnerabilities > CVE-2005-2897 - Information Disclosure vulnerability in Stylemotion web News 1.4

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
stylemotion

Summary

WEB//NEWS 1.4 allows remote attackers to obtain sensitive information via a direct request to files in the actions directory, which reveal the path in an error message, as demonstrated using cat.add.php.

Vulnerable Configurations

Part Description Count
Application
Stylemotion
1