Vulnerabilities > CVE-2004-2664 - Information Disclosure vulnerability in Adodb

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

john-lim

NVD

Published: 2004-12-31

Updated: 2008-09-05

Summary

John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message. This vulnerability is addressed in the following product release: John Lim, ADOdb, 4.23

Vulnerable Configurations

Part	Description	Count
Application	John_Lim John LIM Adodb 3.94 John LIM Adodb 4.00 John LIM Adodb 4.01 John LIM Adodb 4.02 John LIM Adodb 4.03 John LIM Adodb 4.04 John LIM Adodb 4.05 John LIM Adodb 4.10 John LIM Adodb 4.11 John LIM Adodb 4.20 John LIM Adodb 4.21 John LIM Adodb *	12

References

http://phplens.com/lens/adodb/docs-adodb.htm#changes