CVE-2006-1105 Information

Description

Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php which calls the phpinfo function. NOTE: the vendor has disputed some issues from the original disclosure but due to the vagueness of the dispute it is not clear whether the vendor is disputing this particular issue.

Reference

http://forum.pixelpost.org/showthread.php?t=3535 http://www.neosecurityteam.net/index.php?action=advisories&id=19 http://www.securityfocus.com/archive/1/426764/100/0/threaded http://www.securityfocus.com/bid/16964 http://www.vupen.com/english/advisories/2006/0823 https://exchange.xforce.ibmcloud.com/vulnerabilities/25048