PT-2006-2496 · Activecampaign · Activecampaign Supporttrio

Published: 2006-03-29 · Updated: 2017-07-20 · CVE-2006-1488

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: ActiveCampaign SupportTrio version 2.5
Description: The issue allows remote attackers to obtain the full path of the server. This can be achieved through invalid parameters in specific actions: (1) article or (2) print parameters in a kb action to "index.php", or (3) an invalid category parameter to "modules/KB/pdf.php". The path is leaked in an error message.
Recommendations: For ActiveCampaign SupportTrio version 2.5, consider restricting access to the "index.php" and "modules/KB/pdf.php" files until a patch is available. As a temporary workaround, avoid using invalid article, print, or category parameters in the respective actions to minimize the risk of path leakage.

Related Identifiers

CVE-2006-1488

Affected Products

Activecampaign Supporttrio