CVE-2003-1089

Name of the Vulnerable Software and Affected Versions Zorum version 3.4

Description The issue allows remote attackers to determine the full path of the web root via invalid parameter names in the index.php file, which reveals the path in a PHP error message.

Recommendations For Zorum version 3.4, consider validating and sanitizing user input to prevent the display of sensitive information in error messages, such as the full path of the web root, as a temporary workaround until a patch is available.