ACNews db.inc Path Disclosure

2005-08-21T00:00:00
ID OSVDB:19021
Type osvdb
Reporter Mondana Soltani (Witty)()
Modified 2005-08-21T00:00:00

Description

Vulnerability Description

ACNews contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'db.inc.' file, which will disclose the installation path of the database resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

ACNews contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'db.inc.' file, which will disclose the installation path of the database resulting in a loss of confidentiality.

References:

Security Tracker: 1014749 ISS X-Force ID: 22340 CVE-2005-2677