CVE-2007-3127

Name of the Vulnerable Software and Affected Versions: WSPortal version 1.0

Description: The issue allows remote attackers to obtain sensitive information by exploiting a vulnerability in the content.php file. This is achieved by sending a specific sequence of characters, including a quote and a semicolon, in the page parameter when magic quotes gpc is disabled. The attack reveals the installation path in the resulting SQL error message.

Recommendations: For WSPortal version 1.0, consider enabling magic quotes gpc to prevent the exploitation of this issue. As a temporary workaround, restrict access to the content.php file to minimize the risk of sensitive information disclosure. Avoid using user-supplied input in the page parameter until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.