Описание
V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.
V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-3365
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27395
- http://securitytracker.com/id?1016340
- http://www.securityfocus.com/archive/1/437755/100/200/threaded
- http://www.securityfocus.com/archive/1/438069/100/200/threaded
- http://www.securityfocus.com/bid/18543
- http://www.vupen.com/english/advisories/2006/2474
Связанные уязвимости
nvd
почти 19 лет назад
V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.