CVE-2005-2433 Information
Description
PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php (2) connect.php (3) domainstats.php or (4) usercheck.php in public_html/lists/admin directory (5) attributes.php (6) dbcheck.php (7) importcsv.php (8) user.php (9) usermgt.php or (10) users.php in admin/commonlib/pages directory (11) helloworld.php or (12) sidebar.php in public_html/lists/admin/plugins directory or (13) main.php in public_html/lists/admin/plugsins/defaultplugin directory which reveal the path in an error message.
Reference
http://marc.info/?l=bugtraq&m=112258115325054&w=2 http://www.osvdb.org/18317 http://www.osvdb.org/18318 http://www.osvdb.org/18319 http://www.osvdb.org/18320 http://www.osvdb.org/18321 http://www.osvdb.org/18322 http://www.osvdb.org/18323 http://www.osvdb.org/18324 http://www.osvdb.org/18325 http://www.osvdb.org/18326 http://www.osvdb.org/18327 http://www.osvdb.org/18328 http://www.osvdb.org/18329 https://exchange.xforce.ibmcloud.com/vulnerabilities/21579
Share on: