PowerPortal 1.x allows remote attackers to gain sensitive information via invalid or missing parameters in HTTP requests to (1) resize.php or (2) modules.php, which reveals the path in an error message.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Powerportal | Powerportal | 1.1b (including) | 1.1b (including) |
| Powerportal | Powerportal | 1.3 (including) | 1.3 (including) |
| Powerportal | Powerportal | 1.3b (including) | 1.3b (including) |
References
- http://marc.info/?l=bugtraq\u0026m=108844362627811\u0026w=2
- http://www.securityfocus.com/bid/10622
- http://www.swp-zone.org/archivos/advisory-07.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16529
- http://marc.info/?l=bugtraq\u0026m=108844362627811\u0026w=2
- http://www.securityfocus.com/bid/10622
- http://www.swp-zone.org/archivos/advisory-07.txt
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16529