PT-2004-3091 · Zanfi · Zanfi Cms Lite

Published

2004-12-31

Updated

2017-07-11

CVE-2004-2196

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Zanfi CMS lite version 1.1

Description The issue allows remote attackers to obtain the full path of the web server via direct requests without required arguments to various PHP files, including "adm pages.php", "corr pages.php", "del block.php", "del page.php", "footer.php", "home.php", and others.

Recommendations For Zanfi CMS lite version 1.1, consider restricting direct access to sensitive PHP files, such as "adm pages.php", "corr pages.php", "del block.php", "del page.php", "footer.php", "home.php", and others, until a patch is available. As a temporary workaround, ensure that all requests to these files include the required arguments to prevent information disclosure.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-2196

Affected Products

Zanfi Cms Lite

PT-2004-3091 · Zanfi · Zanfi Cms Lite

CVE-2004-2196

Related Identifiers

Affected Products

References · 12