[原文]highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php.
E-Xoops contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker invokes highlight.php to view the source code of mainfile.php, which will disclose database connection information, including the password resulting in a loss of confidentiality.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
Discovery of this vulnerability is credited to "Majid NT" <NT@ihsteam.com>.
RunCMS RunCMS 1.1
E-Xoops E-Xoops 1.0 5r3
RunCMS is reportedly affected by an information disclosure vulnerability. This issue is due to a failure in the application to secure sensitive information.
Exploitation of this vulnerability could lead to the disclosure of database configuration details, including the database name, user name and password.
RunCMS was formerly named E-Xoops.
No exploit is required.
The following proof of concept is available: http://www.example.com/[runcms]/class/debug/highlight.php?file=[runcmsinstallationpath]\mainfile.php&line=151#151
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.