High-Tech Bridge SA Security Research Lab has discovered a weakness in Tine 2.0 which could be exploited to gain access to potentially sensitive information.
- Installation path disclosure weakness in Tine 2.0: CVE-2011-1666
The weakness exists due to application reveals the full path to installation directory in an error message. A remote attacker can directly access Crm/Controller.php, Crm/Export/Csv.php, or Calendar/Model/Attender.php script and gain knowledge of the web root directory and other potentially sensitive information.
Successful exploitation requires that php_display_errors variable is on.
Exploitation examples:
http://host/Crm/Controller.php
http://host/Crm/Export/Csv.php
http://host/ Calendar/Model/Attender. php