CVE-2004-2575 Information

Description

phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php (2) hook_home.inc.php (3) class.holidaycalc.inc.php and (4) setup.inc.php.sample which reveals the path in an error message.

Reference

http://www.osvdb.org/7601 http://www.osvdb.org/7602 http://www.osvdb.org/7603 http://www.osvdb.org/7604 https://savannah.gnu.org/bugs/?func=detailitem&item_id=7478