phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote malicious users to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpadsnew phpadsnew 2.0.5 |
||
phpadsnew phpadsnew 2.0.6 |
||
phpadsnew phpadsnew 2.0.4_pr1 |
||
phppgads phppgads 2.0.6 |
||
phpadsnew phpadsnew 2.0_beta5 |
||
phpadsnew phpadsnew 2.0_beta6 |
||
phpadsnew phpadsnew 2_dev_2001-09-30 |
||
phpadsnew phpadsnew 2_dev_2001-10-09 |