Vulnerabilities > CVE-2002-0282 - Unspecified vulnerability in Codeworx Technologies Dcp-Portal

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message.

Nessus

NASL familyCGI abuses
NASL idDCP_PORTAL_PATH_DISCLOSURE.NASL
descriptionDCP-Portal discloses its physical path when an empty request to add_user.php is made In addition, several other scripts may disclose the path if an invalid language is supplied, although Nessus has not checked for them.
last seen2020-06-01
modified2020-06-02
plugin id11477
published2003-03-26
reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/11477
titleDCP-Portal Multiple Script Path Disclosure