DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message.
References
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2002-05-31 04:00
Updated : 2024-02-04 16:31
NVD link : CVE-2002-0282
Mitre link : CVE-2002-0282
CVE.ORG link : CVE-2002-0282
JSON object : View
Products Affected
codeworx_technologies
- dcp-portal
CWE