Vulnerabilities > CVE-2006-0445 - Input Validation vulnerability in PHPclanwebsite 1.23.1

CVSS 4.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

SINGLE

Confidentiality impact

PARTIAL

Integrity impact

NONE

Availability impact

NONE

network

low complexity

phpclanwebsite

NVD

Published: 2006-01-26

Updated: 2018-10-19

Summary

index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "\", which will display the full path of uploader.php. NOTE: this might be the result of a file inclusion vulnerability. Please add the following to the config.php file to avoid all such exploits. ini_set('display_errors', false);

Vulnerable Configurations

Part	Description	Count
Application	Phpclanwebsite Phpclanwebsite Phpclanwebsite 1.23.1	1

References

http://www.h4cky0u.org/advisories/HYSA-2006-002-phpclan.txt
http://www.osvdb.org/22721
http://www.securityfocus.com/archive/1/423145/100/0/threaded
http://www.securityfocus.com/bid/16391