[原文]CS-Forum before 0.82 allows remote attackers to obtain sensitive information via unspecified manipulations, possibly involving an empty collapse[] or readall parameter to index.php, which reveals the installation path in an error message.
CS-Forum contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker provides malformed input to the index.php script, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks.
-
时间线
2006-06-11
Unknow
2006-06-11
Unknow
-
解决方案
Upgrade to version 0.82 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.