DotClear /layout/class.xblogcomment.php Direct Request Path Disclosure

2006-07-21T01:02:44
ID OSVDB:29826
Type osvdb
Reporter Silitix(Silitix@gmail_com)
Modified 2006-07-21T01:02:44

Description

Vulnerability Description

DotClear contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the /layout/class.xblogcomment.php script, which discloses the software's installation path, resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.dotclear.net/
Related OSVDB IDs: 29813, 29816, 29818, 29828, 29821, 29822, 29824, 29829, 29814, 29815, 29820, 29823, 29827, 29830, 29812, 29817, 29819, 29825, 29831
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0408.html
CVE-2006-3938