CVE-2006-3104

Properties

Published:
19.06.2006
Updated:
17.10.2006
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:P/I:N/A:N/B:N)
    Product:
    Bitweaver: Bitweaver

    Vulnerability description

    users/index.php in Bitweaver 1.3 allows remote attackers to obtain sensitive information via an invalid sort_mode parameter, which reveals the installation path and database information in the resultant error message.

    References:

    BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/437491/100/0/threaded
    http://retrogod.altervista.org/bitweaver_13_xpl.html: http://retrogod.altervista.org/bitweaver_13_xpl.html
    FRSIRT: http://www.frsirt.com/english/advisories/2006/2405
    SECUNIA: http://secunia.com/advisories/20695