CVE-2011-0774
PivotX - Exposure of Sensitive Information via Direct Request to includes/ping.php and includes/spamping.php
Title source: llmDescription
PivotX before 2.2.2 allows remote attackers to obtain sensitive information via a direct request to (1) includes/ping.php and (2) includes/spamping.php, which reveals the installation path in an error message.
References (3)
Core 3
Core References
Patch, Vendor Advisory x_refsource_confirm
http://blog.pivotx.net/archive/2011/01/11/pivotx-222-released
Exploit x_refsource_misc
http://www.htbridge.ch/advisory/path_disclousure_in_pivotx.html
Patch x_refsource_confirm
http://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3410
Scores
EPSS
0.0135
EPSS Percentile
68.2%
Details
CWE
CWE-200
Status
published
Products (1)
pivotx/pivotx
2.2.2
Published
Feb 04, 2011
Tracked Since
Feb 18, 2026