phpPgAds / phpAdsNew admin/lib-misc-stats.inc.php Direct Request Path Disclosure

2005-11-10T02:33:54
ID OSVDB:20739
Type osvdb
Reporter Toni Koivunen (toni.koivunen@fitsec.com)
Modified 2005-11-10T02:33:54

Description

Vulnerability Description

phpAdsNew contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the admin/lib-misc-stats.inc.php script, which discloses the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Solution Description

Upgrade to version 2.0.7 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://phpadsnew.com/
Vendor Specific News/Changelog Entry: http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942
Secunia Advisory ID: 17464
Related OSVDB ID: 20741
Related OSVDB ID: 20744
Related OSVDB ID: 20740
Related OSVDB ID: 20735
Related OSVDB ID: 20736
Related OSVDB ID: 20737
Related OSVDB ID: 20742
Related OSVDB ID: 20738
Related OSVDB ID: 20743
Related OSVDB ID: 20745
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0257.html
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0445.html
FrSIRT Advisory: ADV-2005-2380
CVE-2005-3645