Описание
LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message.
LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-6112
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30635
- http://securityreason.com/securityalert/1980
- http://www.lifetype.net/blog.php/lifetype-development-journal/2006/11/30/full_path_disclosure_vulnerability_in_lifetype_1.0.x_and_1.1.x
- http://www.netvigilance.com/advisory0008
- http://www.osvdb.org/30685
- http://www.securityfocus.com/archive/1/453135/100/0/threaded
EPSS
CVE ID
Связанные уязвимости
LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message.
EPSS