PT-2005-2941 · Bitrix+1 · Bitrix Site Manager+1

D_Bug · Published 2005-06-15 · Updated 2017-07-11 · CVE-2005-1995

CVSS v2.0

5.0 (Medium)

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Bitrix Site Manager versions 4.0.x

Description

The issue allows remote attackers to obtain sensitive information by making a direct request to certain files. Specifically, requests to "subscr form.php" or "dbquery error.php" can reveal the path in an error message.

Recommendations

For versions 4.0.x, consider restricting access to the "subscr form.php" and "dbquery error.php" files to minimize the risk of exploitation. As a temporary workaround, disabling error messages that reveal sensitive information can also help mitigate the issue.


Related identifiers

CVE-2005-1995

Affected products

Bitrix
Bitrix Site Manager