Vulnerability Details CVE-2012-3838
Gekko before 1.2.0 allows remote attackers to obtain the installation path via a direct request to (1) admin/templates/babygekko/index.php or (2) templates/html5demo/index.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.067
EPSS Ranking 90.9%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www.babygekko.com/site/news/general/baby-gekko-v1-2-0-released-with-3rd-party-independent-security-testing-performed-by-zero-science-lab.html
- http://www.exploit-db.com/exploits/18827
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5086.php
- http://www.babygekko.com/site/news/general/baby-gekko-v1-2-0-released-with-3rd-party-independent-security-testing-performed-by-zero-science-lab.html
- http://www.exploit-db.com/exploits/18827
- http://www.zeroscience.mk/en/vulnerabilities/ZSL-2012-5086.php
Products affected by CVE-2012-3838
-
cpe:2.3:a:babygekko:baby_gekko:0.90
-
cpe:2.3:a:babygekko:baby_gekko:0.91
-
cpe:2.3:a:babygekko:baby_gekko:0.98
-
cpe:2.3:a:babygekko:baby_gekko:0.99
-
cpe:2.3:a:babygekko:baby_gekko:1.0.0
-
cpe:2.3:a:babygekko:baby_gekko:1.0.1
-
cpe:2.3:a:babygekko:baby_gekko:1.1.0
-
cpe:2.3:a:babygekko:baby_gekko:1.1.1
-
cpe:2.3:a:babygekko:baby_gekko:1.1.2
-
cpe:2.3:a:babygekko:baby_gekko:1.1.3
-
cpe:2.3:a:babygekko:baby_gekko:1.1.4
-
cpe:2.3:a:babygekko:baby_gekko:1.1.5