Description
index.php in Enano CMS 1.1.7pl1, and possibly other versions before 1.1.8, 1.0.6pl3, and 1.1.7pl2, allows remote attackers to obtain sensitive information via a crafted title parameter, which reveals the installation path in an error message.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by High-Tech Bridge SA · textwebappsphp
https://www.exploit-db.com/exploits/15645
References (6)
Core 6
Core References
Various Sources x_refsource_confirm
http://enanocms.org/News:Article/2010/11/16/Enano_1.1.8.2c_1.0.6pl3.2c_and_1.1.7pl2_released
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/15645
Exploit x_refsource_misc
http://www.htbridge.ch/advisory/path_disclosure_in_enano_cms.html
Exploit x_refsource_misc
http://packetstormsecurity.org/files/view/96229/enanocms-sqldisclose.txt
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/8183
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/45120
Scores
EPSS
0.0477
EPSS Percentile
89.5%
Details
CWE
CWE-200
Status
published
Products (23)
enanocms/enano_cms
0.8.1
enanocms/enano_cms
0.8.2
enanocms/enano_cms
0.8.3
enanocms/enano_cms
0.8.4
enanocms/enano_cms
0.9.1
enanocms/enano_cms
0.9.2
enanocms/enano_cms
0.9.3
enanocms/enano_cms
1.0
enanocms/enano_cms
1.0.1
enanocms/enano_cms
1.0.2
... and 13 more
Published
Apr 07, 2011
Tracked Since
Feb 18, 2026