Info

Disclosure

Oct 11, 2004

Discovery

Unknown

Dates

Exploit

Oct 11, 2004

Solution

Unknown

Description

Zanfi Cms Lite contains a flaw within del_block.php that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a request for the script without arguments, which will disclose path information resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Zanfi Solutions

Zanfi Cms Lite

1.1

References

Security Tracker: 1011612
Related OSVDB ID: 10676 10677 10678 10680 10681 10682
Secunia Advisory ID: 12792
ISS X-Force ID: 17687
CVE ID: 2004-2196 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-10/0076.html
Other Advisory URL: http://www.proxysky.com/vulz/show.php?id=3
Vendor URL: http://www.zanfi.nl

Credit

Lin Xiaofeng - cracklovegmail.com -

Direct URL: http://osvdb.org/36218