ZanfiCmsLite del_page.php Path Disclosure

2004-10-11T05:42:57
ID OSVDB:10680
Type osvdb
Reporter Lin Xiaofeng(cracklove@gmail.com)
Modified 2004-10-11T05:42:57

Description

Vulnerability Description

Zanfi Cms Lite contains a flaw within del_page.php that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a request for the script without arguments, which will disclose path information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Zanfi Cms Lite contains a flaw within del_page.php that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a request for the script without arguments, which will disclose path information resulting in a loss of confidentiality.

Manual Testing Notes

http://[target]/cms/del_page.php

References:

Vendor URL: http://www.zanfi.nl Security Tracker: 1011612 Secunia Advisory ID:12792 Related OSVDB ID: 10679 Related OSVDB ID: 10678 Related OSVDB ID: 10677 Related OSVDB ID: 10681 Related OSVDB ID: 10682 Related OSVDB ID: 10676 Other Advisory URL: http://www.proxysky.com/vulz/show.php?id=3 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0076.html ISS X-Force ID: 17687 CVE-2004-2196