PT-2006-6749 · Lifetype · Lifetype

Jesper Jurcenoks · Published 2006-12-06 · Updated 2018-10-17 · CVE-2006-6112

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

LifeType versions 1.0.x through 1.1.x

Description

The issue is related to insufficient access control for PHP scripts under specific directories, allowing remote attackers to obtain the installation path. This can be achieved by making a direct request to certain scripts, such as bayesianfilter.class.php and bootstrap.php, which may leak the path in an error message.

Recommendations

For LifeType versions 1.0.x through 1.1.x, consider restricting direct access to the PHP scripts under the class/ and plugins/ directories to prevent remote attackers from obtaining the installation path. As a temporary workaround, restrict access to the bayesianfilter.class.php and bootstrap.php scripts until a proper fix is applied.
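
Added example (not part of the original advisory or of LifeType's code): a Python check that scans web server access logs for direct requests to PHP files under class/ and plugins/ and reports whether each was served or refused, which also shows whether the recommended restriction is in effect. The log format, the /blog/ prefix, the "example" subdirectories and the reading of status codes are assumptions.

```python
import posixpath
import re
from urllib.parse import unquote

# Common/combined log format: host ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)
# A PHP file anywhere beneath class/ or plugins/, the directories the advisory names.
RESTRICTED = re.compile(
    r'(?:^|/)(?:class|plugins)/(?:[^/]+/)*[^/]+\.php(?:/|$)', re.IGNORECASE
)
# Assumption: these statuses mean the web server refused the request.
BLOCKED = {401, 403, 404}

def direct_script_requests(lines):
    """Return (client, normalised path, status, verdict) for each direct request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the expected format
        # Drop the query string, decode %xx, collapse "./" and "../" segments.
        raw_path = m["target"].split("?", 1)[0]
        path = posixpath.normpath(unquote(raw_path))
        if not RESTRICTED.search(path):
            continue
        status = int(m["status"])
        verdict = "blocked" if status in BLOCKED else "served"
        findings.append((m["host"], path, status, verdict))
    return findings

# Constructed sample log; the /blog/ prefix and "example" subdirectories are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Dec/2006:10:00:00 +0000] "GET /blog/index.php?op=Default HTTP/1.1" 200 5120 "-" "-"',
    '198.51.100.7 - - [06/Dec/2006:10:00:05 +0000] "GET /blog/class/example/bayesianfilter.class.php HTTP/1.1" 200 412 "-" "-"',
    '198.51.100.7 - - [06/Dec/2006:10:00:06 +0000] "GET /blog/plugins/example/bootstrap.php HTTP/1.1" 403 199 "-" "-"',
    '192.0.2.10 - - [06/Dec/2006:10:00:07 +0000] "GET /blog/plugins/example/js/widget.js HTTP/1.1" 200 880 "-" "-"',
    '198.51.100.7 - - [06/Dec/2006:10:00:09 +0000] "GET /blog/class/./example/bootstrap.php?debug=1 HTTP/1.1" 500 301 "-" "-"',
]

if __name__ == "__main__":
    for finding in direct_script_requests(SAMPLE_LOG):
        print(*finding)
```

A "served" verdict means the script ran on a direct request, so that response is the one to inspect for a leaked path; after the restriction is applied every finding should read "blocked".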


Related Identifiers

CVE-2006-6112

Affected Products

Lifetype