CVE-2006-1851

Name of the Vulnerable Software and Affected Versions xFlow versions 5.46.11 and earlier

Description The issue allows remote attackers to determine the installation path of the application. This is possible via the action parameter to "members only/index.cgi" and the page parameter to "customer area/index.cgi", likely due to the application's handling of invalid values.

Recommendations For xFlow versions 5.46.11 and earlier, as a temporary workaround, consider restricting access to the "members only/index.cgi" and "customer area/index.cgi" API endpoints until a patch is available. Avoid using the action and page parameters in these endpoints to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.