CVE-2006-2535

Name of the Vulnerable Software and Affected Versions Destiney Links Script version 2.1.2

Description The issue allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file in index.php, which reveals the path in the resulting error message. This might be a symptom of a more serious issue, such as directory traversal.

Recommendations For Destiney Links Script version 2.1.2, consider restricting access to the index.php file or validating the show parameter to prevent the disclosure of the installation path. As a temporary workaround, restrict the use of the show parameter in index.php to minimize the risk of path disclosure.