CVE-2006-6735

Name of the Vulnerable Software and Affected Versions: Minh Nguyen Duong Obie Website Mini Web Shop version 2.1.c

Description: The issue allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message. This might be resultant from a more serious issue such as directory traversal.

Recommendations: For version 2.1.c, as a temporary workaround, consider restricting access to the modules/viewcategory.php file until a patch is available. Avoid using the catname parameter in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.