PT-2009-4734 · Aardvark · Aardvark Topsites Php

Published 2009-07-02 · Updated 2018-10-10 · CVE-2009-2303

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Aardvark Topsites PHP versions 5.2.1 and earlier

Description

The issue allows remote attackers to obtain sensitive information. This is achieved by providing a negative integer value for the start parameter in a search action, which results in the revelation of the installation path in an error message.

Recommendations

For versions 5.2.1 and earlier, consider validating and sanitizing the start parameter in the search action to prevent the disclosure of sensitive information. As a temporary workaround, restrict access to the search functionality until a proper fix is implemented.

Fix

RCE

Weakness Enumeration

Related Identifiers

CVE-2009-2303

Affected Products

Aardvark Topsites Php