w-Agora index.php Information Disclosure

2003-07-11T00:00:00
ID OSVDB:3173
Type osvdb
Reporter OSVDB
Modified 2003-07-11T00:00:00

Description

Vulnerability Description

W-Agora contains a feature that may lead to an unauthorized information disclosure. The issue is triggered when index.php is requested with "about" or "info" as the query, which will disclose user names, database-systems, paths, and versions resulting in a loss of confidentiality.

Technical Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue. The develops included this ability into the software as a feature. It is possible to comment out this feature from the index.php3 file.

Short Description

W-Agora contains a feature that may lead to an unauthorized information disclosure. The issue is triggered when index.php is requested with "about" or "info" as the query, which will disclose user names, database-systems, paths, and versions resulting in a loss of confidentiality.

References:

Vendor URL: http://www.w-agora.net/en/index.php Secunia Advisory ID:10422 Secunia Advisory ID:9247 Bugtraq ID: 8164