e107 resetcore.php Configuration Information Disclosure

2005-05-03T04:36:36
ID OSVDB:16287
Type osvdb
Reporter Heintz(hennoj@gmail.com)
Modified 2005-05-03T04:36:36

Description

Vulnerability Description

e107 contains a flaw that may lead to an unauthorized information disclosure.  This flaw exists because the application does not validate user-supplied input upon submission to the 'resetcore.php' script, which will disclose configuration information resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

e107 contains a flaw that may lead to an unauthorized information disclosure.  This flaw exists because the application does not validate user-supplied input upon submission to the 'resetcore.php' script, which will disclose configuration information resulting in a loss of confidentiality.

References:

Vendor URL: http://www.e107.org/ Secunia Advisory ID:15282 Related OSVDB ID: 16285 Related OSVDB ID: 16288 Related OSVDB ID: 16289 Related OSVDB ID: 16290 Related OSVDB ID: 16284 Related OSVDB ID: 16286 Other Advisory URL: http://e107.org/e107_plugins/bugtracker2/bugtracker2.php?0.bug.558 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-05/0066.html