CVE-2006-0445 Information

Description

index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page as demonstrated by \\ which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability.

Reference

http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt http://www.osvdb.org/22721 http://www.securityfocus.com/archive/1/423145/100/0/threaded http://www.securityfocus.com/bid/16391