CVE-2006-4880

Name of the Vulnerable Software and Affected Versions David Bennett PHP-Post (PHPp) versions 1.0 and earlier

Description The issue allows remote attackers to obtain sensitive information via a direct request for certain files, which reveals the installation path in various error messages. Specifically, requesting files such as footer.php, template.php, or lastvisit.php can lead to the disclosure of sensitive information.

Recommendations For David Bennett PHP-Post (PHPp) versions 1.0 and earlier, consider restricting direct access to sensitive files such as footer.php, template.php, and lastvisit.php to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.