phpSysInfo class.OpenBSD.inc.php Path Disclosure

2005-03-23T10:08:47
ID OSVDB:14942
Type osvdb
Reporter Maksymilian Arciemowicz(max@jestsuper.pl)
Modified 2005-03-23T10:08:47

Description

Vulnerability Description

phpSysInfo contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker directly requests the class.OpenBSD.inc.php file, which will disclose installation path information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

phpSysInfo contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker directly requests the class.OpenBSD.inc.php file, which will disclose installation path information resulting in a loss of confidentiality.

Manual Testing Notes

http://[victim]/[DIR]/includes/os/class.OpenBSD.inc.php

References:

Vendor URL: http://phpsysinfo.sourceforge.net/ Security Tracker: 1013532 Secunia Advisory ID:14690 Related OSVDB ID: 14943 Related OSVDB ID: 14948 Related OSVDB ID: 14949 Related OSVDB ID: 14950 Related OSVDB ID: 14944 Related OSVDB ID: 14947 Related OSVDB ID: 14945 Related OSVDB ID: 14946 Other Advisory URL: http://www.securityreason.com/adv/%5BphpSysInfo%202.3%20Multiple%20vulnerabilities%20cXIb8O3.11%5D.asc Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-03/0408.html ISS X-Force ID: 19808 CVE-2005-0869