CVE-2005-2576

Name of the Vulnerable Software and Affected Versions CaLogic versions 1.22 and earlier

Description The issue allows remote attackers to obtain sensitive information via a direct request to several API endpoints, including "doclsqlres.php", "clmcpreload.php", "viewhistlog.php", "mcconfig.php", "doclsqlbak.php", "defcalsel.php", or "cl minical.php". These endpoints reveal the path in an error message, potentially exposing sensitive information.

Recommendations For CaLogic versions 1.22 and earlier, as a temporary workaround, consider restricting access to the vulnerable API endpoints until a patch is available. Avoid making direct requests to these endpoints to minimize the risk of exploitation.