CVE-2003-1242

Sage 1.0 b3 - Information Disclosure via Non-Existent Module Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1242. PoCs published by euronymous.

AI-analyzed exploit summary The exploit describes a path disclosure vulnerability in Sage Content Management System where error messages reveal the full installation path when invalid module requests are made. This information could aid further attacks.

Description

Sage 1.0 b3 allows remote attackers to obtain the root web server path via a URL request for a non-existent module, which returns the path in an error message.

Exploits (1)

exploitdb WRITEUP VERIFIED

by euronymous · textremotewindows

https://www.exploit-db.com/exploits/22269

View Code ZIP pw:eip

The exploit describes a path disclosure vulnerability in Sage Content Management System where error messages reveal the full installation path when invalid module requests are made. This information could aid further attacks.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Sage Content Management System

No auth needed

Prerequisites: Access to the target web application

MITRE ATT&CK

T1114 - Email Collection T1213 - Data from Information Repositories

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3

Core References

Third Party Advisory vdb-entry x_refsource_xf

http://www.iss.net/security_center/static/11372.php

Exploit, Vendor Advisory mailing-list x_refsource_bugtraq

http://archives.neohapsis.com/archives/bugtraq/2003-02/0236.html

Exploit vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/6893

Scores

EPSS 0.0679

EPSS Percentile 93.2%

Details

Status published

Published Dec 31, 2003

Tracked Since Feb 18, 2026