Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1488

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-1488
Last Modified 07 Mar 2011 09:33:11
Published 28 Mar 2006 09:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1488

Summary

ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the full path of the server via invalid (1) article or (2) print parameters in a kb action to index.php, or (3) an invalid category parameter to modules/KB/pdf.php, which leaks the path in an error message.

Vulnerable Systems

Application

  • Activecampaign Supporttrio 2.50.2


References

VUPEN - ADV-2006-1126

SECUNIA - 19431

XF - supporttrio-index-pdf-path-disclosure(25517)

OSVDB - 24191

OSVDB - 24190

MISC - http://pridels0.blogspot.com/2006/03/activecampaign-supporttrio-25-vuln.html


Last Updated: 27 May 2016 10:42:05