CVE-2005-0855 Information

Description

CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sensitive path information via direct requests to (1) entete.php (2) profile_accueil.php (3) profile_mdp.php (4) profile_notify.php (5) profile_options.php (6) profile_perso.php (7) profile_pm.php or (8) readannonce.php which leaks the full pathname in a PHP error message.

Reference

http://seclists.org/lists/bugtraq/2005/Mar/0358.html http://securitytracker.com/id?1013474