Main Vulnerability Database Vulnerabilities #VU39440

Information disclosure in WonderCMS - CVE-2014-8702

Published: March 17, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU39440

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-8702

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: WonderCMS

Affected software:
WonderCMS

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message.

How to mitigate CVE-2014-8702

Install update from vendor's website.

Sources

http://rossmarks.uk/portfolio.php
http://rossmarks.uk/whitepapers/wonder_cms_2014.txt
http://www.securityfocus.com/bid/97192

Information disclosure in WonderCMS - CVE-2014-8702

Detailed vulnerability description

How to mitigate CVE-2014-8702

Sources

Please verify you're human