CVE-2008-7146

IntraLearn < 4.2 - Exposure of Sensitive Information via Direct Request to Help Pages

Title source: llm
STIX 2.1

Description

IntraLearn Software IntraLearn 2.1, and possibly other versions before 4.2.3, allows remote attackers to obtain sensitive information via a direct request to (1) Knowledge_Impact_Course.htm, (2) LRN-formatted_Course.htm, or (3) Create_Course.htm in help/1/Instructor/, which reveals the installation path in an error message.

References (4)

Core 4
Core References
Exploit vdb-entry x_refsource_osvdb
http://osvdb.org/42991
Exploit vdb-entry x_refsource_osvdb
http://osvdb.org/42993
Exploit vdb-entry x_refsource_osvdb
http://osvdb.org/42992

Scores

EPSS 0.0132
EPSS Percentile 67.6%

Details

CWE
CWE-200
Status published
Products (2)
intralearn/intralearn 2.1
intralearn/intralearn < 4.2
Published Sep 01, 2009
Tracked Since Feb 18, 2026