CVE-2007-5942

Name of the Vulnerable Software and Affected Versions Bandersnatch version 0.4

Description The issue allows remote attackers to obtain sensitive information via a malformed request for "index.php" with specific parameter values, which reveals the path in various error messages. This can be achieved by setting the func parameter to a certain value, or by setting the func, jid, page, and limit parameters to specific values.

Recommendations For Bandersnatch version 0.4, as a temporary workaround, consider restricting access to the "index.php" endpoint until a patch is available. Avoid using the parameters func, jid, page, and limit in the affected endpoint until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.