CVE-2005-0655 Information

Description

auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php (2) hal.php or (3) arsip.php which reveals the path in a PHP error message.

Reference

http://echo.or.id/adv/adv011-y3dips-2005.txt http://marc.info/?l=bugtraq&m=110979842315750&w=2 http://securitytracker.com/id?1013357