Xaraya version 2.2.0 Beta 1 suffers from a path disclosure vulnerability.
25cf2837e277ac2a10f0dcb8b79e90c2baf2d5219f0eee037896570fdb9032cfVulnerability ID: HTB22829
Reference: https://www.htbridge.ch/advisory/path_disclosure_in_xaraya.html
Product: Xaraya
Vendor: Xaraya Development Group ( https://www.xaraya.com/ )
Vulnerable Version: 2.2.0 (beta 1)
Vendor Notification: 01 February 2011
Vulnerability Type: Path disclosure
Risk level: Low
Credit: High-Tech Bridge SA - Ethical Hacking & Penetration Testing (https://www.htbridge.ch/)
Vulnerability Details:
The vulnerability exists due to failure in the "lib/blocklayout/compiler.php", "lib/blocklayout/xsltransformer.php", "lib/xaraya/autoload.php" scripts, it's possible to generate an error that will reveal the full path of the script.
A remote user can determine the full path to the web root directory and other potentially sensitive information.
https://host/lib/blocklayout/compiler.php
https://host/lib/blocklayout/xsltransformer.php
https://host/lib/xaraya/autoload.php
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed