PT-2006-1211 · Boastmachine · Boastmachine

M.Hasran Addahroni · Published 2006-01-09 · Updated 2018-10-19 · CVE-2006-0131

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: boastMachine version 3.1
Description: The issue allows remote attackers to obtain sensitive information via a direct request to API endpoints such as "footer.php" and "side menu.php", which reveals the path in an error message.
Recommendations: For boastMachine version 3.1, consider restricting access to the "footer.php" and "side menu.php" files to minimize the risk of exploitation. As a temporary workaround, modify the error handling in these files to prevent the disclosure of sensitive path information.

Fix

Related Identifiers

CVE-2006-0131

Affected Products

Boastmachine