Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
ColdFusion Fusebox fuseaction参数 敏感信息泄露漏洞
Vulnerability Description
ColdFusion Fusebox 4.1.0允许远程攻击者借助于无效的fuseaction参数获取敏感信息。这样便在错误信息中泄露了完整的服务器路径,可使用"?"(问号)字符证明这一点。
CVSS Information
N/A
Vulnerability Type
N/A