Description

e107 0.615 allows remote attackers to obtain sensitive information via a direct request to (1) alt_news.php, (2) backend_menu.php, (3) clock_menu.php, (4) counter_menu.php, (5) login_menu.php, and other files, which reveal the full path in a PHP error message.

Remediation

References

CVE-2004-2039

Related Vulnerabilities

WordPress Plugin PDF & Print by BestWebSoft Cross-Site Scripting (2.0.2)

Oracle Database Server CVE-2006-0263 Vulnerability (CVE-2006-0263)

MySQL CVE-2017-3244 Vulnerability (CVE-2017-3244)

Joomla! Core Information Disclosure (1.5.0 - 3.8.1)

phpList Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2008-6178)

Severity

Medium

Classification

CVE-2004-2039

Tags

Missing Update Known Vulnerabilities