Description
admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message.
References (3)
Core 3
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35478
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51164
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504302/100/0/threaded
Scores
EPSS
0.0113
EPSS Percentile
62.5%
Details
CWE
CWE-200
Status
published
Products (1)
skybluecanvas/skybluecanvas
1.1
Published
Jun 18, 2009
Tracked Since
Feb 18, 2026