|
|
Info |
Last Modified |
| 8 months ago |
|
|
|
|
Description |
(Description Provided by CVE) : w-agora 4.2.1 allows remote attackers to obtain sensitive information by via the (1) bn[] array parameter to index.php, which expects a string, and (2) certain parameters to delete_forum.php, which displays the path name in the resulting error message.
|
|
Classification |
Location:
Remote/Network Access Required
Attack Type:
Information Disclosure
Impact:
Loss of Confidentiality
Exploit:
Exploit Available
Disclosure:
OSVDB Verified
OSVDB:
Web Related
|
|
Technical |
This vulnerability is only present when the register_globals PHP option is set to 'on'. This has not been the default setting for PHP installs since version 4.2.0 (22-Apr-2002).
|
|
Solution |
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):
1) Set PHP register_globals to Off.
2) Disable warning messages by modifying the following in php.ini: display_errors = Off.
3) Modify the .htaccess file (this will only work on Apache servers).
|
|
Products |
|
W-Agora
 |
4.2.1 |
|
|
|
|
|
Credit |
Unknown or Incomplete
|
|
BlogsProvided by Technorati
|
None found at this time
|
|
|
