PT-2011-4688 · Unknown · Rapidleech

Published

2011-09-24

Updated

2012-10-24

CVE-2011-3798

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions Rapid Leech version 2.3-v42-svn322

Description The issue allows remote attackers to obtain sensitive information via a direct request to a .php file. This is achieved by exploiting the error message that reveals the installation path when accessing certain files, such as classes/pear.php.

Recommendations For Rapid Leech version 2.3-v42-svn322, consider restricting access to sensitive .php files, such as classes/pear.php, to prevent the disclosure of the installation path. Additionally, review the error handling mechanism to prevent sensitive information from being revealed in error messages.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2011-3798

Affected Products

Rapidleech

PT-2011-4688 · Unknown · Rapidleech

CVE-2011-3798

Weakness Enumeration

Related Identifiers

Affected Products

References · 5