cpe:/a:amirocms:amiro.cms:4.0.8.0 cpe:/a:amirocms:amiro.cms:4.2.0.5 cpe:/a:amirocms:amiro.cms:4.2.1.0 cpe:/a:amirocms:amiro.cms:4.2.2.0 cpe:/a:amirocms:amiro.cms:4.2.3.0 cpe:/a:amirocms:amiro.cms:4.2.4 cpe:/a:amirocms:amiro.cms:4.2.5 cpe:/a:amirocms:amiro.cms:5.0.7 cpe:/a:amirocms:amiro.cms:5.2 cpe:/a:amirocms:amiro.cms:5.2.2 cpe:/a:amirocms:amiro.cms:5.2.3 cpe:/a:amirocms:amiro.cms:5.4.0.0 CVE-2009-3802 2009-10-27T12:30:00.313-04:00 2017-08-16T21:31:17.240-04:00 5.0 NETWORK LOW NONE PARTIAL NONE NONE http://nvd.nist.gov 2009-10-28T08:06:00.000-04:00 SECUNIA 37065 VUPEN ADV-2009-2967 XF amiro-index-path-disclosure(53894) MISC http://packetstormsecurity.org/0910-exploits/ONSEC-09-005.txt MISC http://www.onsec.ru/vuln?id=12 Amiro.CMS 5.4.0.0 and earlier allows remote attackers to obtain sensitive information via an invalid loginname ("%%%") to _admin/index.php, which reveals the installation path and other information in an error message.