Description
pivot/tb.php in Pivot 1.40.4 and 1.40.7 allows remote attackers to obtain sensitive information via an invalid url parameter, which reveals the installation path in an error message.
Exploits (1)
References (3)
Core 3
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/8941
Exploit x_refsource_misc
http://forum.intern0t.net/intern0t-advisories/1119-intern0t-pivot-1-40-4-7-multiple-vulnerabilities.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/504300/100/0/threaded
Scores
EPSS
0.0417
EPSS Percentile
88.7%
Details
CWE
CWE-200
Status
published
Products (2)
pivot/pivot
1.40.4
pivot/pivot
1.40.7
Published
Jun 19, 2009
Tracked Since
Feb 18, 2026