Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information. NOTE: this might be resultant from an absolute path traversal vulnerability.
Max CVSS
5.0
EPSS Score
0.60%
Published
2005-11-22
Updated
2008-09-05
1 vulnerabilities found