CVE-2006-2886

Name of the Vulnerable Software and Affected Versions KnowledgeTree Open Source versions 3.0.3 and earlier

Description The issue allows remote attackers to obtain the full installation path via a crafted fDocumentId parameter in the view.php file. This is achieved by displaying the path in the resulting error message. It is noted that this might be a result of another issue, as this vector also produces cross-site scripting (XSS).

Recommendations For KnowledgeTree Open Source versions 3.0.3 and earlier, consider restricting access to the view.php file until a fix is available. As a temporary workaround, avoid using the fDocumentId parameter in the affected endpoint to minimize the risk of exploitation.