CVE-2008-7146

Name of the Vulnerable Software and Affected Versions IntraLearn Software IntraLearn versions prior to 4.2.3

Description The issue allows remote attackers to obtain sensitive information via a direct request to specific pages, which reveals the installation path in an error message. The affected pages include "Knowledge Impact Course.htm", "LRN-formatted Course.htm", and "Create Course.htm" in the "help/1/Instructor/" directory.

Recommendations For versions prior to 4.2.3, update to version 4.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the "help/1/Instructor/" directory to minimize the risk of exploitation. Avoid using the affected pages until the issue is resolved.