PT-2004-2473 · W Agora · W-Agora

Published

2004-12-31

Updated

2016-10-18

CVE-2004-1565

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions w-Agora version 4.1.6a

Description The issue allows remote attackers to reveal the full path of the system via a crafted HTTP request, possibly involving a malformed id parameter in the list.php file.

Recommendations For w-Agora version 4.1.6a, consider restricting access to the list.php file until a patch is available, or avoid using the id parameter in the affected HTTP request to minimize the risk of path revelation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1565

Affected Products

W-Agora

PT-2004-2473 · W Agora · W-Agora

CVE-2004-1565

Related Identifiers

Affected Products

References · 7