CVE-2009-2303

Name of the Vulnerable Software and Affected Versions Aardvark Topsites PHP versions 5.2.1 and earlier

Description The issue allows remote attackers to obtain sensitive information. This is achieved by providing a negative integer value for the start parameter in a search action, which results in the revelation of the installation path in an error message.

Recommendations For versions 5.2.1 and earlier, consider validating and sanitizing the start parameter in the search action to prevent the disclosure of sensitive information. As a temporary workaround, restrict access to the search functionality until a proper fix is implemented.