CVE-2006-4986 Information
Description
Grayscale BandSite CMS allows remote attackers to obtain sensitive information via a direct request for (1) certain files in the includes/content directory, (2) includes/shows_preview.php, and (3) adminpanel/configform.php; and files in adminpanel/includes/, including (4) mailinglist/disphtmltbl.php, (5) mailinglist/dispxls.php, (6) mailinglist/sendshows.php, (7) previews/preview_bio.php, (8) previews/preview_genmerch.php, (9) previews/preview_fliers.php, (10) previews/preview_gbook.php, (11) previews/preview_interviews.php, (12) previews/preview_links.php, (13) previews/preview_lyrics.php, (14) previews/preview_membio.php, (15) previews/preview_merchphotos.php, (16) previews/preview_mp3s.php, (17) previews/preview_news.php, (18) previews/preview_photos.php, (19) previews/preview_releases.php, (20) previews/preview_relmerch.php, (21) previews/preview_relphotos.php, (22) previews/preview_reviews.php, (23) previews/preview_shows.php, (24) previews/preview_wearmerch.php, (25) change_forms/change_bio.php, (26) change_forms/change_fliers.php, (27) change_forms/change_gbook.php, (28) change_forms/change_gen_merch.php, (29) change_forms/change_interview.php, (30) change_forms/change_links.php, (31) change_forms/change_lyrics.php, (32) change_forms/change_members.php, (33) change_forms/change_merch.php, (34) change_forms/change_merch_pic.php, (35) change_forms/change_mp3s.php, (36) change_forms/change_news.php, (37) change_forms/change_photos.php, (38) change_forms/change_rel_merch.php, (39) change_forms/change_rel_pic.php, (40) change_forms/change_releases.php, (41) change_forms/change_reviews.php, (42) change_forms/change_shows.php, and (43) change_forms/change_wear_merch.php, which reveals the path in various error messages.
Reference
http://securityreason.com/securityalert/1634
http://www.securityfocus.com/archive/1/446576/100/0/threaded
http://www.securityfocus.com/bid/20137
https://exchange.xforce.ibmcloud.com/vulnerabilities/29085