Aardvark Topsites PHP info.php Information Disclosure

2003-12-16T00:00:00
ID OSVDB:3377
Type osvdb
Reporter JeiAr (jeiar@gulftech.org)
Modified 2003-12-16T00:00:00

Description

Vulnerability Description

Aardvark Topsites PHP contains a flaw that may lead to unauthorized information disclosure. The issue is triggered when /sources/info.php is accessed: the script discloses phpinfo() information, resulting in a loss of confidentiality.

Solution Description

Upgrade to version 4.1.1 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw with the following workaround: delete info.php or move it to a secure location.

Manual Testing Notes

http://[victim]/sources/info.php

References:

Vendor URL: http://www.aardvarkind.com
Secunia Advisory ID: 10453
Other Advisory URL: http://www.gulftech.org/12162003b.php
Nessus Plugin ID: 11957
ISS X-Force ID: 14020
Bugtraq ID: 9231