CVE-2004-2362 Information

Description

PHPX 3.2.6 and earlier allows remote attackers to obtain the physical path of PHPX via a null or invalid value in the limit parameter which leaks the pathname in a database error message as demonstrated using forums.php.

Reference

http://secunia.com/advisories/11554 http://securitytracker.com/id?1010061 http://www.osvdb.org/5906 http://www.phpx.org/project.php?action=view&project_id=1 http://www.securityfocus.com/archive/1/362230 https://exchange.xforce.ibmcloud.com/vulnerabilities/16064