Description
csFAQ.cgi in csFAQ allows remote attackers to gain sensitive information via an invalid database parameter, which reveals the path to the web server in an error message.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by DarkBicho · textwebappscgi
https://www.exploit-db.com/exploits/24237
References (4)
Core 4
Core References
Various Sources x_refsource_misc
http://www.swp-zone.org/archivos/advisory-08.txt
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108844203121238&w=2
Exploit, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/10618
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16526
Scores
EPSS
0.0525
EPSS Percentile
90.0%
Details
Status
published
Products (2)
cgiscript.net/csfaq
cgiscript.net/csfaq
1.0
Published
Aug 06, 2004
Tracked Since
Feb 18, 2026