PT-2008-1623 · Unknown · 2Z Project

Alexandr Polyakov

Published

2008-01-04

Updated

2018-10-15

CVE-2007-6660

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions 2z project version 0.9.6.1

Description The issue allows remote attackers to obtain sensitive information. This can be achieved through a request to index.php with an invalid template or a request to the default URI with certain year and month parameters. The vulnerability reveals the path in various error messages.

Recommendations For version 0.9.6.1, consider restricting access to the index.php file and limiting the input for year and month parameters to prevent exploitation until a patch is available. As a temporary workaround, avoid using invalid templates in requests to index.php and restrict the use of certain year and month parameters in requests to the default URI.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2007-6660

Affected Products

2Z Project

PT-2008-1623 · Unknown · 2Z Project

CVE-2007-6660

Weakness Enumeration

Related Identifiers

Affected Products

References · 5