CVE-2006-2329

Name of the Vulnerable Software and Affected Versions AngelineCMS versions 0.6.5 and earlier

Description The issue allows remote attackers to obtain sensitive information. This can be achieved via a direct request for various PHP files, including adodb-access.inc.php, adodb-ado.inc.php, adodb-ado access.inc, adodb-ado mssql.inc.php, adodb-borland ibase, adodb-csv.inc.php, adodb-db2.inc.php, adodb-fbsql.inc.php, adodb-firebird.inc.php, adodb-ibase.inc.php, adodb-informix.inc.php, adodb-informix72.inc, adodb-mssql.inc.php, adodb-mssqlpo.inc.php, adodb-mysql.inc.php, adodb-mysqlt.inc.php, adodb-oci8.inc.php, adodb-oci805.inc.php, adodb-oci8po.inc.php, and adodb-odbc.inc.php. These files reveal the path in various error messages. Additionally, a direct request for the lib/system/ directory and possibly other lib/ directories provides a directory listing and "architecture view."

Recommendations For AngelineCMS versions 0.6.5 and earlier, consider restricting access to the sensitive PHP files and directories, such as adodb-access.inc.php, adodb-ado.inc.php, adodb-ado access.inc, adodb-ado mssql.inc.php, adodb-borland ibase, adodb-csv.inc.php, adodb-db2.inc.php, adodb-fbsql.inc.php, adodb-firebird.inc.php, adodb-ibase.inc.php, adodb-informix.inc.php, adodb-informix72.inc, adodb-mssql.inc.php, adodb-mssqlpo.inc.php, adodb-mysql.inc.php, adodb-mysqlt.inc.php, adodb-oci8.inc.php, adodb-oci805.inc.php, adodb-oci8po.inc.php, and adodb-odbc.inc.php, as well as the lib/system/ directory and other lib/ directories, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.