Vulnerabilities > CVE-2002-0282 - Path Disclosure vulnerability in DCP-Portal System Information

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
codeworx-technologies
nessus

Summary

DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message.

Nessus

NASL familyCGI abuses
NASL idDCP_PORTAL_PATH_DISCLOSURE.NASL
descriptionDCP-Portal discloses its physical path when an empty request to add_user.php is made In addition, several other scripts may disclose the path if an invalid language is supplied, although Nessus has not checked for them.
last seen2020-06-01
modified2020-06-02
plugin id11477
published2003-03-26
reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/11477
titleDCP-Portal Multiple Script Path Disclosure