Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16038
HistoryFeb 13, 2007 - 12:00 a.m.

DotClear Full Path Disclosure Vulnerability

2007-02-1300:00:00
vulners.com
37
JSON

I have contacted the developers 2 weeks ago, still no answer…

Vendor: DotClear
Vulnerable: DotClear 1.2.5 and below
Release Date: 2007-01-28

Full Path Disclosure

This vulnerability affects:
http://www.example.com/dotclear/themes/default/form.php
http://www.example.com/dotclear/themes/default/list.php
http://www.example.com/dotclear/themes/default/post.php
http://www.example.com/dotclear/themes/default/template.php

When they are called, the scripts do not check that they have been called by another page of the blog, so when they are called directly, they disclose the full path of the webroot.

Fatal error: Call to a member function fetch() on a non-object in
/home/users/xxxx/dotclear/themes/xxx/list.php on line 34

Solution

Edit the code.

Advisory

http://zone14.free.fr/advisories/8/

JSON