PT-2005-2995 · Jaf · Jaf Cms
Steven M. Christey · Published 2005-06-26 · Updated 2016-10-18 · CVE-2005-2053
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
JAF CMS versions prior to 3.0 Final
Description:
The issue allows remote attackers to obtain sensitive information via specific manipulations of parameters in the index.php endpoint. This can be achieved by (1) using an asterisk (*) in the id parameter, (2) providing a blank id parameter, or (3) using an asterisk (*) in the disp parameter. These actions can reveal the path in an error message, potentially indicating a directory traversal or file inclusion issue.
Recommendations:
For versions prior to 3.0 Final, update to version 3.0 Final or later to resolve the issue. As a temporary workaround, consider restricting access to the index.php endpoint or validating and sanitizing user input for the id and disp parameters to prevent malicious manipulations.
Affected Products
Jaf Cms