DCP-Portal 3.7 up to and including 4.5 allows remote malicious users to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
codeworx technologies dcp-portal 4.5 |
||
codeworx technologies dcp-portal 4.1 |
||
codeworx technologies dcp-portal 4.2 |
||
codeworx technologies dcp-portal 3.7 |
||
codeworx technologies dcp-portal 4.0 |