#VU45374 Information disclosure in PivotX - CVE-2011-0775

Cybersecurity Help s.r.o.

Published: 2011-02-04 | Updated: 2020-08-11

Vulnerability identifier: #VU45374

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-0775

CWE-ID: CWE-200

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PivotX
Web applications / Forum & blogging software

Vendor: pivotlog.net

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

pivotx/modules/module_image.php in PivotX 2.2.2 allows remote attackers to obtain sensitive information via a non-existent file in the image parameter, which reveals the installation path in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Mitigation
Install update from vendor's website.

Vulnerable software versions

PivotX: 2.2.2

External links
https://osvdb.org/70675
https://pivot-weblog.svn.sf.net/viewvc/pivot-weblog?view=revision&revision=3463
https://secunia.com/advisories/43041
https://exchange.xforce.ibmcloud.com/vulnerabilities/64977

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in pivotlog.net PivotX