QwikSec

Security Database

CVE

CWE

Training

CVE-2009-4943

Published: Jul 22, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

index.php in AdPeeps 8.5d1 allows remote attackers to obtain sensitive information via (1) a view_adrates action with an invalid uid parameter, which reveals the installation path in an error message; or (2) an adminlogin action with a crafted uid parameter, which reveals the version number.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

20090527 [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities

mailing-list

x_refsource_BUGTRAQ

http://forum.intern0t.net/exploits-vulnerabilities-pocs/1049-intern0t-adpeeps-8-5d1-cross-site-scripting-html-injection-vulnerabilities.html

x_refsource_MISC

20090528 Re: [InterN0T] AdPeeps 8.5d1 - XSS and HTML Injection Vulnerabilities

mailing-list

x_refsource_BUGTRAQ

adpeeps-index-path-disclosure(50822)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.