CVE-2012-4257
George Karpouzas Yet Another Question... - Information Disclosure
Title source: ruleDescription
Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows remote attackers to obtain sensitive information via an invalid character in the PHPSESSID, which reveals the installation path in an error message.
References (3)
Core 3
Core References
Exploit x_refsource_misc
http://packetstormsecurity.org/files/112248/Yaqas-CMS-Alpha1-Information-Disclosure.html
Exploit x_refsource_misc
http://hauntit.blogspot.com/2012/03/en-yaqas-cms-alpha1-information.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75205
Scores
EPSS
0.0148
EPSS Percentile
70.9%
Details
CWE
CWE-200
Status
published
Products (1)
george_karpouzas/yet_another_question_\&_answer_system
1.0 alpha1
Published
Aug 13, 2012
Tracked Since
Feb 18, 2026