PHPX 3.2.6 and previous versions allows remote malicious users to obtain the physical path of PHPX via a null or invalid value in the limit parameter, which leaks the pathname in a database error message, as demonstrated using forums.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpx phpx 3.2.4 |
||
phpx phpx 2.2.1 |
||
phpx phpx 3.2.5 |
||
phpx phpx 3.1.0 |
||
phpx phpx 3.1.2 |
||
phpx phpx 3.0.4 |
||
phpx phpx 3.0.0 |
||
phpx phpx 3.1.4 |
||
phpx phpx 3.0.2 |
||
phpx phpx 3.0.1 |
||
phpx phpx 3.0.6 |
||
phpx phpx 3.2.0 |
||
phpx phpx 1.0.10 |
||
phpx phpx 3.1.3 |
||
phpx phpx 3.2.2 |
||
phpx phpx 2.2.4 |
||
phpx phpx 2.1.0 |
||
phpx phpx 3.0.7 |
||
phpx phpx 2.2.3 |
||
phpx phpx 3.1.1 |
||
phpx phpx 3.2.6 |
||
phpx phpx 2.2.0 |
||
phpx phpx 3.2.3 |
||
phpx phpx 3.0.5 |
||
phpx phpx 3.2.1 |
||
phpx phpx 3.0.3 |
||
phpx phpx 1.0.7 |
||
phpx phpx 1.0.14 |