CVE-2006-4873 Information

Description

Jupiter CMS allows remote attackers to obtain sensitive information via a direct request for (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules/forum-admin.php, (18) modules/events.php, (19) modules/emoticons.php, (20) modules/download.php, (21) modules/blocks.php, (22) modules/ban.php, (23) modules/badwords.php, (24) modules/ads.php, or (25) modules/admin.php, which reveals the installation path in various error messages. NOTE: The modules/online.php vector is already covered by CVE-2006-1679.

Reference

http://securityreason.com/securityalert/1608
http://www.securityfocus.com/archive/1/446064/100/0/threaded
http://www.securityfocus.com/bid/20048
