Security Advisory

CVE-2006-6112

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2006-12-06 22:00:00

Last updated 2024-08-07 20:12:31

Assigner mitre

State PUBLISHED

Description

LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message.

← Browse all CVEs View on cve.org ↗