Bug (new)

path disclosure vulnerability

Summary

new
May 20, 2009
May 20, 2009 / guest
Apr 15, 2012 / pixtur
 

Attached files

No files uploaded
 
if url parameter "go" set to array []
every person (hacker) can see absolute install path.

Issue report

Minor
Always
Apache/2.2.8 Server, PHP5.2.4
0.0902
???
http://www.streber-pm.org/demo/index.php?go[]=projViewEffortCalculations&prj=4320

if url parameter "go" set to array []
every person (hacker) can see absolute install path.
check whether parameter "go" is array
 

No Comments