CVE-2005-2652

Name of the Vulnerable Software and Affected Versions Zorum version 3.5

Description The issue allows remote attackers to obtain the full installation path via direct requests to various API endpoints, including "gorum/notification.php", "user.php", "attach.php", "blacklist.php", "zorum/forum.php", "globalstat.php", "gorum/trace.php", "gorum/badwords.php", and "gorum/flood.php".

Recommendations For Zorum version 3.5, consider restricting access to the mentioned API endpoints as a temporary workaround until a patch is available. Avoid direct requests to these endpoints to minimize the risk of exploitation.