CVE-2012-4674

PluXml < 5.1.6 - Unauthenticated Installation Path Exposure via PHPSESSID

Title source: llm
STIX 2.1

Description

PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID.

References (2)

Core 2
Core References
Various Sources x_refsource_confirm
http://telechargements.pluxml.org/changelog
Various Sources x_refsource_confirm
http://www.pluxml.org/article59/sortie-de-pluxml-5-1-6

Scores

EPSS 0.0117
EPSS Percentile 63.7%

Details

CWE
CWE-200
Status published
Products (1)
pluxml/pluxml < 5.1.5
Published Aug 26, 2012
Tracked Since Feb 18, 2026