Vulnerabilities > CVE-2004-1504 - Unspecified vulnerability in Salims Softhouse JAF CMS 3.0
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
The displaycontent function in config.php for Just Another Flat file (JAF) CMS 3.0RC allows remote attackers to gain sensitive information via a blank show parameter, which reveals the installation path in an error message, as demonstrated using index.php.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://echo.or.id/adv/adv08-y3dips-2004.txt
- http://echo.or.id/adv/adv08-y3dips-2004.txt
- http://marc.info/?l=bugtraq&m=110004150430309&w=2
- http://marc.info/?l=bugtraq&m=110004150430309&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18006
- https://exchange.xforce.ibmcloud.com/vulnerabilities/18006