CVE-2005-1954

Name of the Vulnerable Software and Affected Versions singapore version 0.9.11

Description The issue allows remote attackers to obtain sensitive information via a direct request to specific files, which reveal the path in an error message. This can be achieved by accessing (1) admin.class.php, (2) any .tpl.php file in templates/admin default/, or (3) any .tpl.php file in templates/default/.

Recommendations For version 0.9.11, consider restricting access to the admin.class.php file, as well as the .tpl.php files in the templates/admin default/ and templates/default/ directories, to minimize the risk of exploitation.