Category:   Application (Generic)  >   ClientExec
Vendors:
ClientExec Default Installation Discloses System Configuration Information to Remote Users
SecurityTracker Alert ID:  1011737
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Oct 16 2004
Impact:   Disclosure of system information
Exploit Included:  Yes  

Description:   A configuration vulnerability was reported in ClientExec. A remote user can determine information about the system configuration in a default installation.

William reported that the software installs 'phpinfo.php' in the main ClientExec directory. A remote user can invoke the script directly to obtain information about the PHP configuration on the target system.

The vendor has been notified.

Impact:   A remote user can obtain system configuration information.
Solution:   No solution was available at the time of this entry.

The vendor is working on a fix.

Vendor URL:
Cause:   Configuration error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.
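
Since no fix was available, an administrator can audit their own installation for leftover diagnostic scripts. The following is an added example, not code from the advisory or from ClientExec: it walks a local web root and lists PHP files that call phpinfo(), ignoring commented-out calls. The sample tree, the file names other than phpinfo.php, and the extension list are constructed assumptions.

```python
import re
import tempfile
from pathlib import Path

# PHP comments (/* */, //, #) are blanked first so commented-out calls are
# not reported. Heuristic: string literals and "?>" inside a comment line
# are not modelled.
COMMENTS = re.compile(r"/\*.*?\*/|//[^\n]*|#[^\n]*", re.DOTALL)
# A call to the built-in phpinfo(); PHP function names are case-insensitive.
# The lookbehind skips methods ($o->phpinfo), statics and longer identifiers.
CALL = re.compile(r"(?<![\w>$:])phpinfo\s*\(", re.IGNORECASE)
PHP_SUFFIXES = {".php", ".phtml", ".inc"}  # assumed set of PHP-handled extensions


def find_phpinfo_scripts(web_root):
    """Return sorted relative paths of PHP files under web_root calling phpinfo()."""
    root = Path(web_root)
    hits = []
    for path in root.rglob("*"):
        if not path.is_file() or path.suffix.lower() not in PHP_SUFFIXES:
            continue
        source = path.read_text(encoding="utf-8", errors="replace")
        if CALL.search(COMMENTS.sub(" ", source)):
            hits.append(path.relative_to(root).as_posix())
    return sorted(hits)


def build_sample_tree(root):
    """Write a constructed install tree; only phpinfo.php is named on the page."""
    files = {
        "phpinfo.php": "<?php phpinfo(); ?>\n",
        "index.php": "<?php // phpinfo();\necho 'ok';\n",
        "admin/diag.PHP": "<?php\nPhpInfo(INFO_GENERAL);\n",
        "lib/util.php": "<?php $report->phpinfo(); /* phpinfo() */\n",
        "notes.txt": "phpinfo();\n",
    }
    for name, body in files.items():
        target = Path(root, name)
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for hit in find_phpinfo_scripts(tmp):
            print("exposes phpinfo():", hit)
```

Files it reports should be deleted from the web root or placed behind authentication.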

 Source Message Contents

Subject:  Clientexec Billing Software

Clientexec is a php billing software with a target audience of webhosts. By
default there is a file called phpinfo.php in the main clientexec directory.
This can be accessed by anyone with a web browser. I looked through the
documentation and didn't find any reference to it. I then checked several
different companies using this piece of software and all had it in the same
place. I contacted the vendor and he said he would fix it. I know this sounds
silly, but many people that use this software are not familiar with issues like
these, let alone know what the phpinfo() function does.

