Exponent CMS 0.96.3 and later versions includes the full installation path in the base parameter to thumb.php, which allows remote attackers to obtain sensitive information. NOTE: this might be resultant from an absolute path traversal vulnerability.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation6 reference(s) from NVD