QwikSec

Security Database

CVE

CWE

Training

CVE-2005-4575

Published: Dec 29, 2005

Modified: Aug 7, 2024

PUBLISHED

Description

PaperThin CommonSpot Content Server 4.5 and earlier allow remote attackers to obtain sensitive information via an invalid errmsg parameter to loader.cfm with a url parameter set to email-login-info.cfm, which leaks the full pathname in the resulting error message.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://pridels0.blogspot.com/2005/12/commonspot-content-server-vuln.html

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_OSVDB

commonspot-loader-path-disclosure(23865)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.