CVE-2005-0855

Name of the Vulnerable Software and Affected Versions CoolForum versions 0.8.1 beta and earlier

Description The issue allows remote attackers to obtain sensitive path information via direct requests to various PHP files, including "entete.php", "profile accueil.php", "profile mdp.php", "profile notify.php", "profile options.php", "profile perso.php", "profile pm.php", or "readannonce.php". These files leak the full pathname in a PHP error message.

Recommendations For CoolForum versions 0.8.1 beta and earlier, consider restricting access to the mentioned PHP files until a patch is available. As a temporary workaround, disable the display of PHP error messages to minimize the risk of path information leakage.