Sensitive Information Disclosure in Battle for Wesnoth Filesystem Functions

CVE-2015-5069 · MEDIUM Severity

AV:N/AC:L/AU:S/C:P/I:N/A:N

The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.

Learn more about our Web Application Penetration Testing UK.