PT-2006-3482 · Destiney · Destiney Links Script

Luny

Published

2006-05-22

Updated

2018-10-18

CVE-2006-2535

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Destiney Links Script version 2.1.2

Description The issue allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file in index.php, which reveals the path in the resulting error message. This might be a symptom of a more serious issue, such as directory traversal.

Recommendations For Destiney Links Script version 2.1.2, consider restricting access to the index.php file or validating the show parameter to prevent the disclosure of the installation path. As a temporary workaround, restrict the use of the show parameter in index.php to minimize the risk of path disclosure.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2006-2535

Affected Products

Destiney Links Script

PT-2006-3482 · Destiney · Destiney Links Script

CVE-2006-2535

Weakness Enumeration

Related Identifiers

Affected Products

References · 6