CVE-2005-2436 Information

Description

browse.php in Website Baker Project allows remote attackers to obtain sensitive data via (1) a directory that does not exist in the dir parameter or (2) a direct request to certain php files which reveal the path in an error message.

Reference

http://marc.info/?l=bugtraq&m=112260471228762&w=2 http://secunia.com/advisories/16263 http://www.osvdb.org/18343 http://www.osvdb.org/18344 https://exchange.xforce.ibmcloud.com/vulnerabilities/21633 website-baker-url-path-disclosure(21633)