Tribiq CMS: Path disclosure Vulnerability

Users of Tribiq CMS please be advised of a Path disclosure vulnerability that has been identified.
To view this vulnerability, possible remedies, and others please check out the Security Advisories at Critical Watch (http://criticalwatch.com/support/security-advisories.aspx)

HTB22640: [HTB22640] Path disclosure in Tribiq CMS
Product: Tribiq CMS
Vulnerability Type: Path disclosure
Vulnerability Details:

The vulnerability exists due to failure in the “/index.php” script to properly sanitize user-supplied input in “cType”, “cID” variables, it’s possible to generate an error that will reveal the full path of the script.

A remote user can determine the full path to the web root directory and other potentially sensitive information.Read more at http://www.criticalwatch.com
 

Advertisements