Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2006-1897

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2006-1897
Last Modified 05 Sep 2008 05:03:08
Published 20 Apr 2006 06:02:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-1897

Summary

Webplus (aka talentsoft) Web+Shop 5.3.6, when Redirect URL for "Script Not Found" Error is not configured, allows remote attackers to obtain sensitive information via a quote (') or possibly other invalid value in the storeid parameter in store.wml in webplus.exe, which reveals the path in a "Script Not Found" error message.

Vulnerable Systems

Application

  • Talentsoft Web%2b Shop 5.3.6


References

OSVDB - 24621

BUGTRAQ - 20060413 TalentSoft Web+Shop Path Disclosure

SECUNIA - 19662

XF - webplusshop-webplus-path-disclosure(25802)

SREASON - 761

SREASON - 703


Last Updated: 27 May 2016 10:42:15