CVE-2004-1385 Information

Description

phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php which reveals the web server path in an error message.

Reference

http://marc.info/?l=bugtraq&m=110312656029072&w=2 http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml http://www.gulftech.org/?node=research&article_id=00054-12142004 https://exchange.xforce.ibmcloud.com/vulnerabilities/18497