CVE-2006-3938 Information

Description

DotClear allows remote attackers to obtain sensitive information via a direct request for (1) edit_cat.php, (2) index.php, or (3) edit_link.php in ecrire/tools/blogroll/; (4) syslog/index.php, (5) thememng/index.php, (6) toolsmng/index.php, or (7) utf8convert/index.php in /ecrire/tools/; (8) /ecrire/inc/connexion.php and (9) /inc/session.php; (10) class.blog.php, (11) class.blogcomment.php, and (12) class.blogpost.php in /inc/classes/; (13) append.php, (14) class.xblog.php, (15) class.xblogcomment.php, and (16) class.xblogpost.php in /layout/; (17) form.php, (18) list.php, (19) post.php, or (20) template.php in /themes/default/, which reveal the installation path in error messages.

Reference

http://securityreason.com/securityalert/1307
http://www.osvdb.org/29812
http://www.osvdb.org/29813
http://www.osvdb.org/29814
http://www.osvdb.org/29815
http://www.osvdb.org/29816
http://www.osvdb.org/29817
http://www.osvdb.org/29818
http://www.osvdb.org/29820
http://www.osvdb.org/29821
http://www.osvdb.org/29822
http://www.osvdb.org/29823
http://www.osvdb.org/29824
http://www.osvdb.org/29825
http://www.osvdb.org/29826
http://www.osvdb.org/29827
http://www.osvdb.org/29828
http://www.osvdb.org/29829
http://www.osvdb.org/29830
http://www.osvdb.org/29831
http://www.securityfocus.com/archive/1/440874/100/100/threaded
http://www.securityfocus.com/archive/1/459820/100/0/threaded
http://zone14.free.fr/advisories/8/
https://exchange.xforce.ibmcloud.com/vulnerabilities/27913
