Vulnerabilities > CVE-2006-4989 - Input Validation vulnerability in Patrick Michaelis Wili-Cms 0.1.1

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
patrick-michaelis
exploit available

Summary

Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive information via a direct request for (1) thumbnail.php, (2) functions/admin/all.php, (3) functions/admin/init_session.php, (4) functions/all.php, and (5) certain files in example-view/admin_templates/, which reveals the path in various error messages.

Vulnerable Configurations

Part Description Count
Application
Patrick_Michaelis
1

Exploit-Db

descriptionWili-CMS <= 0.1.1 (include/xss/full path) Remote Vulnerabilities. CVE-2006-4987,CVE-2006-4988,CVE-2006-4989. Webapps exploit for php platform
idEDB-ID:2414
last seen2016-01-31
modified2006-09-21
published2006-09-21
reporterHACKERS PAL
sourcehttps://www.exploit-db.com/download/2414/
titleWili-CMS <= 0.1.1 include/xss/full path Remote Vulnerabilities