ZanfiCmsLite adm_pages.php Path Disclosure

2004-10-11T05:42:57
ID OSVDB:10677
Type osvdb
Reporter Lin Xiaofeng(cracklove@gmail.com)
Modified 2004-10-11T05:42:57

Description

Vulnerability Description

Zanfi Cms Lite contains a flaw within adm_pages.php that may lead to an unauthorized information disclosure. The issue is triggered when a user sends a request for the script without arguments, which will disclose path information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Zanfi Cms Lite contains a flaw within adm_pages.php that may lead to an unauthorized information disclosure. The issue is triggered when a user sends a request for the script without arguments, which will disclose path information resulting in a loss of confidentiality.

Manual Testing Notes

http://[victim]/cms/adm_pages.php

References:

Vendor URL: http://www.zanfi.nl Security Tracker: 1011612 Secunia Advisory ID:12792 Related OSVDB ID: 10679 Related OSVDB ID: 10678 Related OSVDB ID: 10680 Related OSVDB ID: 10681 Related OSVDB ID: 10682 Related OSVDB ID: 10676 Other Advisory URL: http://www.proxysky.com/vulz/show.php?id=3 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0076.html ISS X-Force ID: 17687 CVE-2004-2196