PT-2005-2612 · Jgs · Jgs-Xa Jgs-Portal

Deluxe89 · Published 2005-05-17 · Updated 2016-10-18 · CVE-2005-1635

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

JGS-XA JGS-Portal versions 3.0.2 and earlier

Description

The issue allows remote attackers to obtain the full server path via direct requests to multiple files, including jgs_portal_ref.php, jgs_portal_land.php, jgs_portal_log.php, jgs_portal_global_sponsor.php, jgs_portal_global.php, jgs_portal_system.php, jgs_portal_views.php, and several files in the jgs_portal_include directory, such as jgs_portal_boardmenue.php, jgs_portal_forenliste.php, jgs_portal_geburtstag.php, jgs_portal_guckloch.php, jgs_portal_kalender.php, jgs_portal_letztethemen.php, jgs_portal_links.php, jgs_portal_neustemember.php, jgs_portal_newsboard.php, jgs_portal_online.php, jgs_portal_pn.php, jgs_portal_portalmenue.php, jgs_portal_styles.php, jgs_portal_suchen.php, jgs_portal_team.php, jgs_portal_topforen.php, jgs_portal_topposter.php, jgs_portal_umfrage.php, jgs_portal_useravatar.php, jgs_portal_waronline.php, jgs_portal_woonline.php, or jgs_portal_zufallsavatar.php.

Recommendations

As a temporary workaround, consider restricting direct access to the mentioned files until a patch is available. Restrict access to the jgs_portal_include directory to minimize the risk of exploitation. Avoid using direct requests to the vulnerable files in the jgs_portal_include directory until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
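
One way to check existing web server access logs for the direct requests described above, as an added example that is not part of the original advisory. It assumes common/combined log format and that scripts under jgs_portal_include are only ever included by the portal, never requested directly; the sample log lines, IP addresses and the /forum/ path are constructed.

```python
import re
from collections import Counter
from urllib.parse import unquote, urlsplit

# Directory named in the advisory. Assumption: its scripts are only included
# by the portal, so any direct HTTP request to one of them is worth reviewing.
INCLUDE_DIR = "jgs_portal_include"

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status size
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def direct_include_hits(lines):
    """Return (ip, time, path, status) for requests to PHP files under INCLUDE_DIR."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        # Drop the query string, decode percent-encoding, normalise case and slashes
        path = unquote(urlsplit(m["target"]).path).lower().replace("\\", "/")
        segments = [s for s in path.split("/") if s]
        if INCLUDE_DIR in segments[:-1] and segments[-1].endswith(".php"):
            hits.append((m["ip"], m["time"], path, int(m["status"])))
    return hits

def hits_per_client(hits):
    """Count flagged requests per client address."""
    return Counter(ip for ip, _, _, _ in hits)

# Constructed sample log lines (documentation IP ranges, hypothetical /forum/ path)
SAMPLE_LOG = [
    '192.0.2.10 - - [17/May/2005:10:00:01 +0000] "GET /forum/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [17/May/2005:10:02:11 +0000] "GET /forum/jgs_portal_include/jgs_portal_team.php HTTP/1.1" 200 312',
    '198.51.100.7 - - [17/May/2005:10:02:12 +0000] "GET /forum/jgs%5Fportal%5Finclude/jgs_portal_kalender.php?x=1 HTTP/1.0" 200 298',
    '192.0.2.10 - - [17/May/2005:10:03:40 +0000] "GET /forum/jgs_portal_include/style.css HTTP/1.1" 200 900',
    'not an access log line',
]

if __name__ == "__main__":
    for hit in direct_include_hits(SAMPLE_LOG):
        print(hit)
    print(hits_per_client(direct_include_hits(SAMPLE_LOG)))
```

Once direct access to the directory is restricted as recommended, the same scan should show only 403 or 404 statuses for these paths.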

Related Identifiers

CVE-2005-1635

Affected Products

Jgs-Xa Jgs-Portal