Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information. NOTE: this might be resultant from an absolute path traversal vulnerability.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Exponent | Exponent | 0.94 | 0.94 |
Exponent | Exponent | 0.96.3 | 0.96.3 |
Exponent | Exponent | 0.96.1 | 0.96.1 |
Exponent | Exponent | 0.95 | 0.95 |
Exponent | Exponent | 0.96.4 | 0.96.4 |