PT-2006-3481 · Destiney · Destiney Links Script
Luny
·
Published
2006-05-22
·
Updated
2018-10-18
·
CVE-2006-2534
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Destiney Links Script version 2.1.2
Description
The issue allows remote attackers to obtain the installation path by accessing certain files directly via a URL. This is possible because the script does not adequately protect its library and other support files, specifically those in the include and themes/original directories.
Recommendations
For Destiney Links Script version 2.1.2, consider restricting direct access to the include and themes/original directories to prevent remote attackers from obtaining the installation path.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Destiney Links Script