Required CVE Record Information
Description
myWebland myBloggie 2.1.6 allow remote attackers to obtain sensitive information via (1) an invalid year parameter to calendar.php, reached through index.php; (2) a direct request to common.php; and (3) a mode array parameter in the query string to login.php, which reveal the installation path in various error messages.
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 2 Total
- http://descriptions.securescout.com/tc/17970 x_transferred
- http://www.netvigilance.com/advisory0039 x_transferred