Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information. NOTE: this might be resultant from an absolute path traversal vulnerability.
AV:N/AC:L/Au:N/C:P/I:N/A:N
22/11/2005
by Exponent
18 years ago