WoltLab Community Framework (WCF) 1.0.6 in WoltLab Burning Board 3.0.5 allows remote attackers to obtain the full path via invalid (1) page and (2) form parameters, which leaks the path from an exception handler when a valid class cannot be found.
References
Configurations
History
21 Nov 2024, 00:45
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/fulldisclosure/2008-04/0161.html - | |
References | () http://lists.grok.org.uk/pipermail/full-disclosure/2008-April/061271.html - | |
References | () http://secunia.com/advisories/29719 - Vendor Advisory | |
References | () http://www.securityfocus.com/archive/1/490560/100/0/threaded - | |
References | () http://www.securityfocus.com/archive/1/490782/100/0/threaded - | |
References | () http://www.securityfocus.com/bid/28678 - | |
References | () https://exchange.xforce.ibmcloud.com/vulnerabilities/41713 - |
Information
Published : 2008-04-09 21:05
Updated : 2024-11-21 00:45
NVD link : CVE-2008-1717
Mitre link : CVE-2008-1717
CVE.ORG link : CVE-2008-1717
JSON object : View
Products Affected
woltlab
- burning_board
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor