CVE-2009-3756

CVE-2009-3756 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

phpBMS 0.96 allows remote attackers to obtain sensitive information via a direct request to (1) footer.php, (2) header.php, (3) the show action in advancedsearch.php, and (4) choicelist.php, which reveals the installation path in an error message.

Learn more about our Web Application Penetration Testing UK.