ISS X-Force Database: zanficmslite-error-path-disclosure(17687): Zanfi Cms lite multiple .php scripts error path disclosure

Zanfi Cms lite multiple .php scripts error path disclosure

zanficmslite-error-path-disclosure (17687)

Medium Risk

Description:

Zanfi Cms lite could allow a remote attacker to obtain sensitive information. A remote attacker could send a specially-crafted URL request to the adm_pages.php, corr_pages.php, del_block.php, del_page.php, footer.php or home.php script, which would cause an error message to be returned that contains the installation path of Zanfi Cms lite.

Platforms Affected:

Zanfi Solutions, Zanfi Cms lite 1.1

Remedy:

No remedy available as of June 27, 2009.

Consequences:

Obtain Information

References:

BugTraq Mailing List, Mon Oct 11 2004 - 07:59:48 CDT , Multiple vulnerabilities in ZanfiCmsLite at http://archives.neohapsis.com/archives/bugtraq/2004-10/0076.html.
Zanfi Cms lite Web page, Welkom bij Zanfi Solutions at http://www.zanfi.nl/index1.php?flag=cmslite.
CVE-2004-2196: Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others.
OSVDB ID: 10677: ZanfiCmsLite adm_pages.php Path Disclosure
OSVDB ID: 10678: ZanfiCmsLite corr_pages.php Path Disclosure
OSVDB ID: 10679: ZanfiCmsLite del_block.php Path Disclosure
OSVDB ID: 10680: ZanfiCmsLite del_page.php Path Disclosure
OSVDB ID: 10681: ZanfiCmsLite footer.php Path Disclosure
OSVDB ID: 10682: ZanfiCmsLite home.php Path Disclosure
SA12792: ZanfiCmsLite "index.php" Arbitrary File Inclusion Vulnerability
SECTRACK ID: 1011612: Zanfi CMS Lite Include File Error Lets Remote Users Execute Arbitrary Commands

Reported:

Oct 11, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page