CVE-2005-2474 Information

Description

ChurchInfo allows remote attackers to obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php; an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php; the GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php; (16) the PropertyID parameter to PropertyEditor.php; the FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php; or (20) the PledgeID parameter to PledgeDetails.php, which reveal the path in an error message.

Reference

http://marc.info/?l=bugtraq&m=112291550713546&w=2
http://secunia.com/advisories/16292
http://securitytracker.com/id?1014617
http://www.osvdb.org/18425
http://www.osvdb.org/18426
http://www.osvdb.org/18429
http://www.osvdb.org/18430
http://www.osvdb.org/18431
http://www.osvdb.org/18432
http://www.osvdb.org/18433
http://www.osvdb.org/18434
http://www.osvdb.org/18435
http://www.osvdb.org/18436
http://www.osvdb.org/18437
http://www.osvdb.org/18438
http://www.osvdb.org/18439
http://www.osvdb.org/18450
https://exchange.xforce.ibmcloud.com/vulnerabilities/21648
