PT-2004-2479 · Aj Fork · Aj-Fork

Published 2004-12-31 · Updated 2017-07-11 · CVE-2004-1571

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

AJ-Fork version 167

Description

The issue allows remote attackers to gain sensitive information via a direct request to various PHP files, including "auto-acronyms.php", "auto-archive.php", "ount-article-views.php", "kses.php", "custom-quick-tags.php", "disable-all-comments.php", "easy-date-format.php", "enable-disable-comments.php", "filter-by-author.php", "format-switcher.php", "long-to-short.php", "prospective-posting.php", or "sort-by-xfield.php". These files display the full path in an error message.

Recommendations

For AJ-Fork version 167, consider restricting access to the mentioned PHP files to minimize the risk of exploitation. As a temporary workaround, disable the display of error messages that include the full path for these files until a patch is available.
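
One way to apply both recommendations on the web server, as an added example that is not part of the original advisory or the AJ-Fork project. It assumes Apache 2.4 with mod_php and an `.htaccess` file (or equivalent `<Directory>` block) covering the directory that holds the listed files; the advisory does not state that directory.

```apache
# Added example (not AJ-Fork's own configuration).
# Assumptions: Apache 2.4, mod_php, and AllowOverride permitting
# AuthConfig and Options for this directory.

# 1. Restrict access: refuse direct HTTP requests for the files named in
#    the advisory. The application's own include()/require() calls read
#    these files from disk and are not affected by this rule.
#    File names are copied verbatim from the advisory; confirm each one
#    against the files actually present in the installation. The advisory
#    says "including", so the list may not be exhaustive.
<FilesMatch "^(auto-acronyms|auto-archive|ount-article-views|kses|custom-quick-tags|disable-all-comments|easy-date-format|enable-disable-comments|filter-by-author|format-switcher|long-to-short|prospective-posting|sort-by-xfield)\.php$">
    Require all denied
</FilesMatch>

# 2. Temporary workaround: stop PHP from sending error text (which carries
#    the full filesystem path) to the client.
#
#    Weak setting that exposes the path in the response:
#      php_flag display_errors on
#
#    Corrected setting: keep errors out of responses, keep them in the log.
php_flag display_errors off
php_flag log_errors on
```

Under PHP-FPM or CGI the `php_flag` lines are not available; set `display_errors = Off` and `log_errors = On` in `php.ini` or a per-directory `.user.ini` instead.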


Related Identifiers

CVE-2004-1571

Affected Products

Aj-Fork