CVE-2005-2381 Information

Description

PHP Surveyor 0.98 allows remote attackers to obtain sensitive information via a direct request to (1) question.php (2) survey.php or (3) group.php in the root directory a direct request to (4) database.php (5) sessioncontrol.php (6) html.php (7) sessioncontrol.php an invalid (8) qid parameter to dumpquestion.php or an invalid lid parameter to (9) labels.php or (10) dumplabel.php which reveal the path in an error message.

Reference

http://marc.info/?l=bugtraq&m=112188282401681&w=2 http://secunia.com/advisories/16123