phProfession upload.php Path Disclosure

2004-04-21T08:33:16
ID OSVDB:5623
Type osvdb
Reporter Janek Vind "waraxe" (come2waraxe@yahoo.com)
Modified 2004-04-21T08:33:16

Description

Vulnerability Description

phProfession contains a flaw that may allow a malicious user to reveal the installation path of the software. The issue is triggered when "upload.php" is accessed directly. The flaw may expose information about the HTTP server's file system, resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: https://sourceforge.net/projects/profession/
Vendor URL: http://www.phpsolutions.co.uk
Secunia Advisory ID: 11465
Related OSVDB ID: 5625
Related OSVDB ID: 5624
Other Advisory URL: http://www.waraxe.us/index.php?modname=sa&id=21
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-03/2337.html
ISS X-Force ID: 15930