Description

rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.

Remediation

References

CVE-2002-1089

Related Vulnerabilities

WordPress Plugin yolink Search for WordPress 'bulkcrawl.php' SQL Injection (1.1.4)

Liferay Portal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2023-42627)

WordPress Plugin Master Slider-Responsive Touch Slider SQL Injection (2.5.1)

ownCloud Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-5606)

WordPress Plugin WP-UserAgent Cross-Site Scripting (1.0.5)

Severity

Medium

Classification

CVE-2002-1089

Tags

Missing Update Known Vulnerabilities