CVE-2004-2671 Information

Description

mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive information via certain direct requests and certain requests with invalid parameter values which reveal the path in various error messages as demonstrated by the (1) mod and (2) cid parameters.

Reference

http://echo.or.id/adv/adv02-y3dips-2004.txt http://secunia.com/advisories/12231 http://securitytracker.com/id?1010864 http://www.securityfocus.com/archive/1/370855 http://www.securityfocus.com/bid/8507 https://exchange.xforce.ibmcloud.com/vulnerabilities/13042