Unrated severityNVD Advisory· Published Aug 13, 2012· Updated Apr 29, 2026

CVE-2012-4257

Description

Yaqas (Yet Another Question & Answer System) 1.0 Alpha 1 allows remote attackers to obtain sensitive information via an invalid character in the PHPSESSID, which reveals the installation path in an error message.

Affected products

George Karpouzas/Yet Another Question \& Answer System
cpe:2.3:a:george_karpouzas:yet_another_question_\&_answer_system:1.0:alpha1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

hauntit.blogspot.com/2012/03/en-yaqas-cms-alpha1-information.htmlnvdExploit
packetstormsecurity.org/files/112248/Yaqas-CMS-Alpha1-Information-Disclosure.htmlnvdExploit
exchange.xforce.ibmcloud.com/vulnerabilities/75205nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000