DCP-Portal contents.php Invalid Language Path Disclosure

2002-02-28T00:00:00
ID OSVDB:7015
Type osvdb
Reporter Ahmet Sabri ALPER(s_alper@hotmail.com)
Modified 2002-02-28T00:00:00

Description

Vulnerability Description

DCP-Portal contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when URL is submitted with an unspecified language, which will disclose the web root path and other information resulting in a loss of confidentiality.

Solution Description

Upgrade to version 4.5.1 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Short Description

DCP-Portal contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when URL is submitted with an unspecified language, which will disclose the web root path and other information resulting in a loss of confidentiality.

Manual Testing Notes

http://[victim]/contents.php?new_language=elvish&mode=select

References:

Vendor URL: http://www.dcp-portal.com/ Related OSVDB ID: 7017 Related OSVDB ID: 7018 Related OSVDB ID: 7016 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-02/0323.html ISS X-Force ID: 8310 CVE-2002-0282 Bugtraq ID: 4113