deV!Lz Clanportal Browser.PHP Information Disclosure Vulnerability

Bugtraq ID:	22660
Class:	Input Validation Error
CVE:	CVE-2007-1167
Remote:	Yes
Local:	No
Published:	Feb 21 2007 12:00AM
Updated:	May 12 2015 07:34PM
Credit:	Kiba is credited with the discovery of this vulnerability.
Vulnerable:	deV!Lz Clanportal deV!Lz Clanportal 1.4.5
Not Vulnerable:

deV!Lz Clanportal Browser.PHP Information Disclosure Vulnerability

deV!Lz Clanportal is prone to an information-disclosure vulnerability because it fails to properly secure potentially sensitive information.

An attacker can exploit this issue to access potentially sensitive information that may aid in other attacks.

This issue affects version 1.4.5; other versions may also be affected.

deV!Lz Clanportal Browser.PHP Information Disclosure Vulnerability

An attacker can exploit this issue by using a browser.

The following proof-of-concept URI is available:

http://www.example.com/dzcp/inc/filebrowser/browser.php?file=inc/mysql.php

deV!Lz Clanportal Browser.PHP Information Disclosure Vulnerability

Solution:
Currently we are not aware of any solutions for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

deV!Lz Clanportal Browser.PHP Information Disclosure Vulnerability

References:

• deV!Lz Clanportal Homepage (deV!Lz Clanportal)