Easy PX 41 CMS Open Directory Information Disclosure

2005-07-29T09:16:17
ID OSVDB:18333
Type osvdb
Reporter FalconDeOro(falcondeoro@gmail.com)
Modified 2005-07-29T09:16:17

Description

Vulnerability Description

Easy PX 41 CMS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by requesting certain directories, which will disclose raw directory listings including files resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Easy PX 41 CMS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by requesting certain directories, which will disclose raw directory listings including files resulting in a loss of confidentiality.

Manual Testing Notes

http://[victim]/modules/forum/cfg/ http://[victim]/modules/forum/db/ http://[victim]/modules/forum/msg/ http://[victim]/modules/forum/admin/index.php http://[victim]/modules/forum/msg/1103495330.dat http://[victim]/modules/login/ http://[victim]/modules/login/login.php http://[victim]/modules/login/admin/option.php http://[victim]/modules/login/cfg/modules.cfg http://[victim]/cfg/config.cfg http://[victim]/mesdocuments/ http://[victim]/modules/news/ http://[victim]/modules/forum/db/rep.db

References:

Vendor URL: http://www.easypx41.be/ Secunia Advisory ID:16264 Related OSVDB ID: 18336 Related OSVDB ID: 18334 Related OSVDB ID: 18335 Other Advisory URL: http://falcondeoro.blogspot.com/2005/07/xss-flaws-and-data-disclosure-in.html