PT-2006-5768 · Jevon · Jevoncms

Cvir.System · Published 2006-09-27 · Updated 2018-10-17 · CVE-2006-5027

CVSS v2.0: 5.0 Medium

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

JevonCMS versions prior to alpha

Description

The issue allows remote attackers to obtain sensitive information via a direct request for certain php/main/phplib files, including db_msql.inc, db_mssql.inc, db_mysql.inc, db_oci8.inc, db_odbc.inc, db_oracle.inc, db_pgsql.inc, and db_sybase.inc. These files reveal the path in various error messages.

Recommendations

For JevonCMS versions prior to alpha, consider restricting access to the php/main/phplib directory to minimize the risk of exploitation. As a temporary workaround, avoid using the direct request method for the mentioned files until a patch is available.
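
To check whether the restriction recommended above is in effect, a web server access log can be scanned for direct requests to include files under php/main/phplib. The following is an added example, not part of the advisory or of JevonCMS: it assumes Common/Combined Log Format, and the log lines, addresses and verdict labels are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Leading fields of a Common/Combined Log Format line (assumed log format).
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})\b'
)
# Any .inc file requested directly from the directory named in the advisory.
PHPLIB_INC_RE = re.compile(r'(?:^|/)php/main/phplib/[^/]+\.inc$', re.IGNORECASE)

# Constructed sample log lines (documentation address ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [27/Sep/2006:10:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [27/Sep/2006:10:00:05 +0000] "GET /php/main/phplib/db_mysql.inc HTTP/1.1" 200 312',
    '198.51.100.7 - - [27/Sep/2006:10:00:06 +0000] "GET /cms/php/main/phplib/db%5Fpgsql.inc?x=1 HTTP/1.1" 403 199',
    '198.51.100.7 - - [27/Sep/2006:10:00:07 +0000] "GET /php/main/./phplib//DB_OCI8.INC HTTP/1.1" 500 0',
    '192.0.2.10 - - [27/Sep/2006:10:00:09 +0000] "GET /php/main/phplib/readme.txt HTTP/1.1" 200 80',
]

def normalise_path(target):
    """Drop query/fragment, undo (double) percent-encoding, collapse '//', '.' and '..'."""
    path = target.split("?", 1)[0].split("#", 1)[0]
    for _ in range(2):
        path = unquote(path)
    segments = []
    for seg in path.replace("\\", "/").split("/"):
        if seg in ("", "."):
            continue
        if seg == "..":
            if segments:
                segments.pop()
            continue
        segments.append(seg)
    return "/" + "/".join(segments)

def find_phplib_requests(lines):
    """Return (client, normalised path, status, verdict) for each direct phplib .inc request."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = normalise_path(m["target"])
        if not PHPLIB_INC_RE.search(path):
            continue
        status = int(m["status"])
        # 2xx: the file was served, so the directory is still reachable.
        verdict = ("served" if 200 <= status < 300
                   else "blocked" if status in (401, 403, 404) else "review")
        findings.append((m["host"], path, status, verdict))
    return findings

if __name__ == "__main__":
    for finding in find_phplib_requests(SAMPLE_LOG):
        print(finding)
```

A "served" verdict means the access restriction is missing or not matching that request; "review" covers statuses such as 500, where the response body may still carry an error message.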

Fix

Related Identifiers

CVE-2006-5027

Affected Products

Jevoncms