SecurityTracker.com

Category:   Application (Generic)  >   ClientExec
Vendors:   clientexec.com
ClientExec Default Installation Discloses System Configuration Information to Remote Users
SecurityTracker Alert ID:  1011737
SecurityTracker URL:  http://securitytracker.com/id/1011737
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Oct 16 2004
Impact:   Disclosure of system information
Exploit Included:  Yes  

Description:   A configuration vulnerability was reported in ClientExec. A remote user can determine information about the system configuration in a default installation.

William reported that the software installs 'phpinfo.php' in the main ClientExec directory. A remote user can invoke the script directly to obtain information about the PHP configuration on the target system.

The vendor has been notified.

Impact:   A remote user can obtain system configuration information.
Solution:   No solution was available at the time of this entry.

The vendor is working on a fix.
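
A defender-side check for the condition this alert describes, as an added example (not code from SecurityTracker or the ClientExec vendor): it walks a web root and lists every PHP file that calls phpinfo(). The function names, the extension list and the sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# phpinfo( as a function call; \b avoids matching names such as my_phpinfo(.
PHPINFO_CALL = re.compile(r"\bphpinfo\s*\(", re.IGNORECASE)
PHP_EXTENSIONS = (".php", ".phtml", ".inc")  # assumed set of PHP-handled suffixes


def find_phpinfo_calls(webroot):
    """Return sorted (relative_path, line_number) pairs; commented-out calls are included."""
    hits = []
    for dirpath, _dirs, files in os.walk(webroot):
        for name in files:
            if not name.lower().endswith(PHP_EXTENSIONS):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, encoding="utf-8", errors="replace") as fh:
                    for lineno, line in enumerate(fh, 1):
                        if PHPINFO_CALL.search(line):
                            hits.append((os.path.relpath(path, webroot), lineno))
            except OSError:
                continue  # unreadable file; skip rather than abort the audit
    return sorted(hits)


def build_sample_tree(root):
    """Write a constructed sample web root (not real ClientExec files)."""
    samples = {
        "phpinfo.php": "<?php\nphpinfo();\n",
        "index.php": "<?php\necho 'billing';\n",
        os.path.join("admin", "diag.PHP"): "<?php\n// debug\nPhpInfo (INFO_GENERAL);\n",
        "notes.txt": "phpinfo() is mentioned here but .txt is not scanned\n",
    }
    for rel, body in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        build_sample_tree(root)
        for rel, lineno in find_phpinfo_calls(root):
            print(f"{rel}:{lineno}: phpinfo() call in web-served file")
```

Files it reports can be removed from the web root, or have access to them denied at the web server, while no vendor fix is available.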

Vendor URL:  www.clientexec.com/newsite/
Cause:   Configuration error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  Clientexec Billing Software




Clientexec is a php billing software with a target audience of webhosts. By
default there is a file called phpinfo.php in the main clientexec directory.
This can be accessed by anyone with a web browser. I looked through the
documentation and didn't find any reference to it. I then checked several
different companies using this piece of software and all had it in the same
place. I contacted the vendor and he said he would fix it. I know this sounds
silly, but many people that use this software are not familiar with issues like
these, let alone know what the phpinfo() function does.


William



Copyright 2021, SecurityGlobal.net LLC