CVE-2006-3104 | Vulnerability Database | Aqua Security

users/index.php in Bitweaver 1.3 allows remote attackers to obtain sensitive information via an invalid sort_mode parameter, which reveals the installation path and database information in the resultant error message.

Affected Software

Name	Vendor	Start Version	End Version
Bitweaver	Bitweaver	1.3 (including)	1.3 (including)

References

http://retrogod.altervista.org/bitweaver_13_xpl.html
http://secunia.com/advisories/20695
http://securityreason.com/securityalert/1115
http://sourceforge.net/project/shownotes.php?release_id=336854\u0026group_id=141358
http://www.bitweaver.org/articles/45
http://www.osvdb.org/26589
http://www.securityfocus.com/archive/1/437491/100/0/threaded
http://www.vupen.com/english/advisories/2006/2405
https://exchange.xforce.ibmcloud.com/vulnerabilities/27214
http://retrogod.altervista.org/bitweaver_13_xpl.html
http://secunia.com/advisories/20695
http://securityreason.com/securityalert/1115
http://sourceforge.net/project/shownotes.php?release_id=336854\u0026group_id=141358
http://www.bitweaver.org/articles/45
http://www.osvdb.org/26589
http://www.securityfocus.com/archive/1/437491/100/0/threaded
http://www.vupen.com/english/advisories/2006/2405
https://exchange.xforce.ibmcloud.com/vulnerabilities/27214

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-3104
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html