Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0282

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2002-0282
Last Modified 10 Sep 2008 08:00:51
Published 31 May 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0282

Summary

DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message.

Vulnerable Systems

Application

  • Codeworx Technologies Dcp-portal 3.7

  • Codeworx Technologies Dcp-portal 4.0

  • Codeworx Technologies Dcp-portal 4.1

  • Codeworx Technologies Dcp-portal 4.2

  • Codeworx Technologies Dcp-portal 4.5


References

XF - dcpportal-language-path-disclosure(8310)

XF - dcpportal-adduser-path-disclosure(8196)

BID - 4113

CONFIRM - http://www.dcp-portal.com/files.php?action=viewcat&fcat_id=1

BUGTRAQ - 20020228 [ARL02-A04] DCP-Portal System Information Path Disclosure

BUGTRAQ - 20020215 [ARL02-A02] DCP-Portal Root Path Disclosure Vulnerability


Last Updated: 27 May 2016 10:36:51