CVE-2006-4989 Information

Description

Patrick Michaelis Wili-CMS allows remote attackers to obtain sensitive information via a direct request for (1) thumbnail.php (2) functions/admin/all.php (3) functions/admin/init_session.php (4) functions/all.php and (5) certain files in example-view/admin_templates/ which reveals the path in various error messages.

Reference

http://securityreason.com/securityalert/1633 http://www.securityfocus.com/archive/1/446575/100/0/threaded http://www.securityfocus.com/bid/20134 https://exchange.xforce.ibmcloud.com/vulnerabilities/29100