CVE-2007-0597

Properties

Published:
29.01.2007
Updated:
27.02.2008
Patch available:
Severity:
Medium
CVSS vector:
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Product:
Aztek Forum: Aztek Forum

Vulnerability description

Aztek Forum 4.00 allows remote attackers to obtain sensitive information via a direct request to forum.php with the fid=XD query string, which reveals the path in an error message.

References:

BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/458076/100/0/threaded
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/458123/100/0/threaded
http://acid-root.new.fr/poc/21070125.txt: http://acid-root.new.fr/poc/21070125.txt