CVE-2006-1375

Name of the Vulnerable Software and Affected Versions AdMan versions 1.0.20051221 and earlier

Description The issue allows remote attackers to obtain the full path. This can be achieved by sending a blank campaignId parameter to the "editCampaign.php" endpoint or a blank schemeId parameter to the "viewPricingScheme.php" endpoint.

Recommendations For AdMan versions 1.0.20051221 and earlier, consider restricting access to the "editCampaign.php" and "viewPricingScheme.php" endpoints to minimize the risk of exploitation. Avoid using blank campaignId and schemeId parameters in these endpoints until the issue is resolved.