PT-2004-2412 · Unknown · Just Another Flat File (Jaf) Cms

Published: 2004-12-31 · Updated: 2017-07-11 · CVE-2004-1504

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Just Another Flat file (JAF) CMS version 3.0RC

Description

The issue allows remote attackers to gain sensitive information. The displaycontent function in config.php reveals the installation path in an error message when a blank show parameter is used, as demonstrated using index.php.

Recommendations

For Just Another Flat file (JAF) CMS version 3.0RC, consider modifying the displaycontent function in config.php to handle blank show parameters securely, so that error messages do not reveal the installation path.

Related identifiers

CVE-2004-1504

Affected products

Just Another Flat File (Jaf) Cms