Sensitive Information Disclosure in auraCMS 1.5 via Invalid id Parameter

Sensitive Information Disclosure in auraCMS 1.5 via Invalid id Parameter

CVE-2005-0655 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message.

Learn more about our Cms Pen Testing.