Info

Disclosure

Apr 22, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

phpwsContacts contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the allow_anon_view setting is disabled, anonymous users can still perform exports, which will disclose user contact information resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management, Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Public

Solution

Upgrade to phpwsContacts version 0.8.3 and phpwsBB 0.9.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

phpwsContacts

0.8.2

References

Secunia Advisory ID: 11480
Related OSVDB ID: 5678
Vendor URL: http://phpwscontacts.sourceforge.net/
Vendor Specific Advisory URL: http://sourceforge.net/tracker/index.php?func=detail&aid=940306&group_id=83662&atid=570207

Credit

Paul the lost boyscout - lostboyscoutusers.sourceforge.net -

Direct URL: http://osvdb.org/5677