PsychoStats 2.3 - 'Server.php' Full Path Disclosure
| EKU-ID: 35172 | CVE: CVE-2007-2780;OSVDB-36582 | OSVDB-ID: |
| Author: kefka | Published: 2007-05-17 | Verified:
 |
| Download: | ||
Rating☆☆☆☆☆ |
| EKU-ID: 35172 | CVE: CVE-2007-2780;OSVDB-36582 | OSVDB-ID: |
| Author: kefka | Published: 2007-05-17 | Verified:
|
| Download: | ||
Rating☆☆☆☆☆ |
source: https://www.securityfocus.com/bid/24039/info PsychoStats is prone to a path-disclosure issue when invalid data is submitted. Exploiting this issue can allow an attacker to access sensitive data that may be used to launch further attacks against a vulnerable computer. PsychoStats 3.0.6b and prior versions are vulnerable to this issue. http://www.example.com/[path]/server.php?newcss=styles.css&newtheme=%00