CVE-2004-2196

Name of the Vulnerable Software and Affected Versions Zanfi CMS lite version 1.1

Description The issue allows remote attackers to obtain the full path of the web server via direct requests without required arguments to various PHP files, including "adm pages.php", "corr pages.php", "del block.php", "del page.php", "footer.php", "home.php", and others.

Recommendations For Zanfi CMS lite version 1.1, consider restricting direct access to sensitive PHP files, such as "adm pages.php", "corr pages.php", "del block.php", "del page.php", "footer.php", "home.php", and others, until a patch is available. As a temporary workaround, ensure that all requests to these files include the required arguments to prevent information disclosure.