CVE-2007-2670 Information

Description

PHPChain 1.0 and earlier allows remote attackers to obtain the installation path via invalid values of the catid parameter to (1) settings.php or (2) cat.php as demonstrated by XSS manipulations.

Reference

http://osvdb.org/35538 http://pridels0.blogspot.com/2007/05/phpchain-vuln.html http://secunia.com/advisories/25128 http://www.securityfocus.com/bid/23761 http://www.vupen.com/english/advisories/2007/1647 https://exchange.xforce.ibmcloud.com/vulnerabilities/34019