PT-2009-6000 · Phpbms · Phpbms

Elwaux

Published

2009-10-22

Updated

2017-09-19

CVE-2009-3756

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions phpBMS version 0.96

Description The issue allows remote attackers to obtain sensitive information via direct requests to specific files, including footer.php, header.php, the show action in advancedsearch.php, and choicelist.php. These requests can reveal the installation path in an error message.

Recommendations For phpBMS version 0.96, consider restricting access to the files footer.php, header.php, advancedsearch.php, and choicelist.php to minimize the risk of exploitation. As a temporary workaround, limit the information disclosed in error messages to prevent revealing sensitive details about the installation path.

Exploit

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2009-3756

Affected Products

Phpbms

PT-2009-6000 · Phpbms · Phpbms

CVE-2009-3756

Weakness Enumeration

Related Identifiers

Affected Products

References · 4