CVE-2005-0828

Name of the Vulnerable Software and Affected Versions RUNCMS version 1.1A CIAMOS version 0.9.2 RC1 e-Xoops version 1.05 Rev3

Description The issue allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter. This can be used to read sensitive information, such as database configuration details from mainfile.php.

Recommendations For RUNCMS version 1.1A, restrict access to the highlight.php file to prevent exploitation. For CIAMOS version 0.9.2 RC1, consider disabling the file parameter in the highlight.php file until a fix is available. For e-Xoops version 1.05 Rev3, avoid using the file parameter in the highlight.php file to minimize the risk of exploitation.