SelectaPix May Disclose the Installation Path to Remote Users - SecurityTracker

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Category: Application (Forum/Board/Portal) > SelectaPix

Vendors: Out of the Trees Web Design

SelectaPix May Disclose the Installation Path to Remote Users

SecurityTracker Alert ID: 1016085

SecurityTracker URL: http://securitytracker.com/id/1016085

CVE Reference: CVE-2006-2463 (Links to External Site)

Updated: Dec 5 2009

Original Entry Date: May 14 2006

Impact: Disclosure of system information

Exploit Included: Yes

Description: snixa snixa reported a vulnerability in SelectaPix. A remote user can determine the installation path.

A remote user can supply a specially crafted URL to cause the system to generate an error message that discloses the installation path.

A demonstration exploit URL is provided:

http://[target]/selectapix/demo/view_album.php?page=pagetitle

Impact: A remote user can determine the installation path.

Solution: No solution was available at the time of this entry.

Vendor URL: www.outofthetrees.co.uk/selectapix/ (Links to External Site)

Cause: Exception handling error

Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History: None.

Source Message Contents

Subject: [none]

SelectaPix free PHP image gallery script

Installation path disclousure

http://target/selectapix/demo/view_album.php?page=pagetitle

Example:

http://www.outofthetrees.co.uk/selectapix/demo/view_album.php?page=pagetitle

Warning: mysql_result(): Unable to jump to row 0 on MySQL result index 13 in 
/usr/local/home/httpd/vhtdocs/outofthetrees.co.uk/selectapix/demo/classes/db.php on 
line 223



Vendor not yet notified!

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
This web site uses cookies for web analytics. Learn More
Copyright 2021, SecurityGlobal.net LLC