XMB Forum phpinfo.php Information Disclosure

2004-03-26T09:21:15
ID OSVDB:4643
Type osvdb
Reporter Janek Vind "waraxe"(come2waraxe@yahoo.com)
Modified 2004-03-26T09:21:15

Description

Vulnerability Description

XMB Forum contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote user directly calls the phpinfo.php script, which will disclose information about the victim system, resulting in a loss of confidentiality.

Solution Description

Upgrade to version 1.9.1 Final or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Manual Testing Notes

http://[victim]/xmb19beta/phpinfo.php

References:

Vendor URL: http://www.xmbforum.com/
Secunia Advisory ID: 11230
Related OSVDB ID: 14983
Related OSVDB ID: 14984
Related OSVDB ID: 14982
Related OSVDB ID: 14985
Related OSVDB ID: 14988
Related OSVDB ID: 14991
Related OSVDB ID: 14986
Related OSVDB ID: 14987
Related OSVDB ID: 14989
Related OSVDB ID: 14990
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-03/0265.html
Keyword: waraxe-2004-SA#012
CVE-2004-2588
Bugtraq ID: 9983