← back
CVE-2006-4989

CVE-2006-4989

EPSS 2.7%
Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive information via a direct request for (1) thumbnail.php, (2) functions/admin/all.php, (3) functions/admin/init_session.php, (4) functions/all.php, and (5) certain files in example-view/admin_templates/, which reveals the path in various error messages.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/2414unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://securityreason.com/securityalert/1633https://exchange.xforce.ibmcloud.com/vulnerabilities/29100http://www.securityfocus.com/archive/1/446575/100/0/threadedhttp://www.securityfocus.com/bid/20134