CVE-2002-0282

Name of the Vulnerable Software and Affected Versions DCP-Portal versions 3.7 through 4.5

Description The issue allows remote attackers to obtain the physical path of the server. This can be achieved through a direct request to "add user.php" or by providing an invalid new language parameter in "contents.php", "categories.php", or "files.php", which results in the path being leaked in an error message.

Recommendations For versions 3.7 through 4.5, consider restricting access to the affected PHP files until a patch is available. As a temporary workaround, avoid using the new language parameter in the affected API endpoints.