CVE-2006-0327

Name of the Vulnerable Software and Affected Versions TYPO3 version 3.7.1

Description The issue allows remote attackers to obtain sensitive information by making a direct request to certain scripts, including thumbs.php, showpic.php, or tables.php. This causes the scripts to incorrectly define a variable, resulting in an error message that reveals the path when a require function call fails.

Recommendations For TYPO3 version 3.7.1, consider restricting access to the thumbs.php, showpic.php, and tables.php scripts to minimize the risk of exploitation. As a temporary workaround, avoid using these scripts until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.