Vulnerability Description
admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message.
CVSS Score
6.8
MEDIUM
AV:N/AC:L/Au:S/C:C/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Skybluecanvas | Skybluecanvas | 1.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/35478Vendor Advisory
- http://www.securityfocus.com/archive/1/504302/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51164
- http://secunia.com/advisories/35478Vendor Advisory
- http://www.securityfocus.com/archive/1/504302/100/0/threaded
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51164
FAQ
What is CVE-2009-2115?
CVE-2009-2115 is a vulnerability with a CVSS score of 6.8 (MEDIUM). admin.php in SkyBlueCanvas 1.1 r237 allows remote authenticated administrators to obtain sensitive information via an invalid id parameter, which reveals the installation path in an error message.
How severe is CVE-2009-2115?
CVE-2009-2115 has been rated MEDIUM with a CVSS base score of 6.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2115?
Check the references section above for vendor advisories and patch information. Affected products include: Skybluecanvas Skybluecanvas.