CVE-2014-8702

MEDIUM

Wonder CMS 2014 - Info Disclosure

Title source: llm

Description

Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message.

References (3)

[Third Party Advisory] http://rossmarks.uk/portfolio.php

[Exploit] http://rossmarks.uk/whitepapers/wonder_cms_2014.txt

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/97192

Scores

CVSS v3 5.3

EPSS 0.0029

EPSS Percentile 52.1%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (2)

wondercms/wondercms

n/a/n/a

Timeline

Published Mar 17, 2017

Tracked Since Feb 18, 2026