OSVDB ID: 84744

Title: Dir2web system/db/website.db Direct Request Remote Information Disclosure

Info

Disclosure: Aug 05, 2012
Discovery: Unknown

Dates

Exploit: Aug 05, 2012
Solution: Unknown

Description

Dir2web contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a direct request is sent for system/db/website.db, which may allow a remote attacker to gain access to potentially sensitive information.

Classification

Location: Remote / Network Access
Impact: Loss of Confidentiality
Solution: Workaround
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure
OSVDB: Web Related

Solution

Currently, there are no known upgrades or patches to correct this vulnerability. It is possible to temporarily work around the flaw by implementing the following workaround: Restrict access to the _dir2web folder via .htaccess.
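One way to check that the workaround is actually in place is a local audit of the web root. This is an added example, not code from OSVDB or the Dir2web project. It assumes the database lives at `_dir2web/system/db/website.db`, that Apache is configured to honour `.htaccess` files, and that a plain deny-all directive is how access was restricted; the directive check is a heuristic and the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path

DB_PARTS = ("system", "db", "website.db")  # path named in the advisory
DENY = re.compile(r"(Require\s+all\s+denied|Deny\s+from\s+all)", re.I)  # Apache 2.4 / 2.2

def denies_all(text):
    """True if a deny-all directive applies to the whole directory (heuristic)."""
    depth = 0  # nesting inside scoped sections such as <Files> or <Limit>
    for line in text.splitlines():
        s = line.strip()
        # <IfModule> guards do not narrow the scope, so they are not counted.
        if s.startswith("<") and not s.lower().lstrip("</").startswith("ifmodule"):
            depth += -1 if s.startswith("</") else 1
        elif depth == 0 and DENY.fullmatch(s):
            return True
    return False

def covering_htaccess(db_path, docroot):
    """Nearest .htaccess from the database's directory up to docroot that denies all."""
    docroot = Path(docroot).resolve()
    for d in Path(db_path).resolve().parents:
        ht = d / ".htaccess"
        if ht.is_file() and denies_all(ht.read_text(errors="replace")):
            return ht
        if d == docroot:
            break
    return None

def audit(docroot):
    """Map each system/db/website.db under docroot to True if a deny-all covers it."""
    root = Path(docroot).resolve()
    return {p.relative_to(root).as_posix(): covering_htaccess(p, root) is not None
            for p in root.rglob("website.db") if p.parts[-3:] == DB_PARTS}

def demo():
    """Constructed docroot: site_a has the workaround, site_b only denies *.bak files."""
    rules = {"site_a": "Require all denied\n",
             "site_b": '<Files "*.bak">\nDeny from all\n</Files>\n'}
    with tempfile.TemporaryDirectory() as tmp:
        for site, htaccess in rules.items():
            base = Path(tmp, site, "_dir2web")
            Path(base, *DB_PARTS).parent.mkdir(parents=True)
            Path(base, *DB_PARTS).touch()
            (base / ".htaccess").write_text(htaccess)
        return audit(tmp)

if __name__ == "__main__":
    for path, ok in sorted(demo().items()):
        print(("protected " if ok else "EXPOSED   ") + path)
```

A result of `False` means no deny-all `.htaccess` was found between the database file and the web root, so the file should be treated as reachable until the server's response is confirmed.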

Products

Dir2web

Dir2web

3.0

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/84744