PT-2002-1497 · Black Tie · Black Tie Project

Published: 2002-06-11 · Updated: 2008-09-05 · CVE-2002-0446

CVSS v2.0: 5.0 (Medium) · Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Black Tie Project (BTP) versions 0.4b through 0.5b

Description: The issue allows remote attackers to determine the absolute path of the web server by supplying an invalid cid parameter to the categorie.php3 script; the resulting error message discloses the server-side pathname.

Recommendations: For Black Tie Project (BTP) versions 0.4b through 0.5b, validate and sanitize the cid parameter so that an invalid value can no longer trigger an error message that discloses the web server's absolute path, and ensure PHP errors are logged rather than displayed to the client. As a temporary workaround, restrict access to the categorie.php3 file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.
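As an added example (not Black Tie Project's own code), a hardened PHP handler in the spirit of the recommendation above: it validates cid as a positive integer before any use and keeps PHP error output, which is what carries the absolute path, out of the HTTP response. The parseCategoryId function, the $pdo connection and the categories table are assumptions made for illustration.

```php
<?php
// Hypothetical hardened handler for a category page such as categorie.php3.
// Added example, not BTP code: demonstrates the two defensive controls from
// the advisory (validate cid; never echo PHP errors containing file paths).

declare(strict_types=1);

// 1. Never send raw PHP warnings/notices to the browser; keep them in the log.
//    A displayed warning is exactly what leaks "/path/to/categorie.php3 on line N".
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// 2. Convert any remaining runtime error into a generic response. The server
//    path stays in the log only; the client sees no filename or line number.
set_error_handler(function (int $no, string $msg, string $file, int $line): bool {
    error_log(sprintf('categorie error %d: %s (%s:%d)', $no, $msg, $file, $line));
    http_response_code(500);
    exit('An internal error occurred.');
});

// 3. Validate cid before it reaches any DB or include() logic:
//    accept a positive integer or nothing at all (arrays and junk return null).
function parseCategoryId(array $query): ?int
{
    if (!isset($query['cid'])) {
        return null;
    }
    $cid = filter_var($query['cid'], FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    return $cid === false ? null : $cid;
}

$cid = parseCategoryId($_GET);
if ($cid === null) {
    // Reject early with a fixed message: no error path is ever reached.
    http_response_code(400);
    exit('Invalid category.');
}

// Assumption: $pdo is an existing PDO connection and a categories table exists.
$stmt = $pdo->prepare('SELECT name FROM categories WHERE cid = :cid');
$stmt->execute([':cid' => $cid]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
if ($row === false) {
    http_response_code(404);
    exit('Category not found.');
}
echo htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
```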


Related Identifiers: CVE-2002-0446

Affected Products: Black Tie Project