Vulnerabilities > CVE-2005-3763 - Information Disclosure vulnerability in Exponent

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

exponent

nessus

NVD

Published: 2005-11-22

Updated: 2008-09-05

Summary

Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information. NOTE: this might be resultant from an absolute path traversal vulnerability.

Vulnerable Configurations

Part	Description	Count
Application	Exponent Exponent Exponent 0.94 Exponent Exponent 0.95 Exponent Exponent 0.96.1 Exponent Exponent 0.96.3 Exponent Exponent 0.96.4	5

Nessus

NASL family	CGI abuses
NASL id	EXPONENT_0964.NASL
description	The remote host is running Exponent CMS, an open source content management system written in PHP. The version of Exponent CMS installed on the remote host fails to sanitize input to the
last seen	2020-06-01
modified	2020-06-02
plugin id	20211
published	2005-11-16
reporter	This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/20211
title	Exponent CMS < 0.96.4 Multiple Remote Vulnerabilities (XSS, SQLi, Code Exe, Disc)

Summary

Vulnerable Configurations

Nessus

References