#225 Full Path disclosures

closed-fixed
nabber00
Security (24)
7
2011-12-13
2010-08-15
nabber00
No

http://\[Url]/sphpblog/scripts/sb_functions.php

Ex :

Warning: main(scripts/sb_fileio.php): failed to open stream: No such file or directory in
/var/www/sphpblog/scripts/sb_functions.php on line 52

Fatal error: main(): Failed opening required 'scripts/sb_fileio.php'
(include_path='.:/usr/share/pear') in
/var/www/sphpblog/scripts/sb_functions.php on line 52

Source: http://seclists.org/bugtraq/2005/Apr/232

Discussion

  • nabber00

    nabber00 - 2010-08-15
    • status: open --> open-accepted
     
  • nabber00

    nabber00 - 2010-08-15

    Workaround:

    In your php.ini file, set display_errors = Off.

     
  • nabber00

    nabber00 - 2010-08-15
    • status: open-accepted --> closed-fixed
     
  • nabber00

    nabber00 - 2010-08-15

    Fixed in svn r47.

     
  • nabber00

    nabber00 - 2011-12-13

    This is CVE-2005-1137.

     
  • nabber00

    nabber00 - 2011-12-13
    • status: closed-fixed --> open-fixed
     
  • nabber00

    nabber00 - 2011-12-13
    • status: open-fixed --> closed-fixed
     

Log in to post a comment.