phpwsContacts Discloses CSV File to Remote Users

SecurityTracker Alert ID: 1009949
CVE Reference: GENERIC-MAP-NOMATCH
Date: Apr 26 2004
Impact: Disclosure of user information
Fix Available: Yes
Vendor Confirmed: Yes
Version(s): prior to 0.8.3

Description: A vulnerability was reported in phpwsContacts. A remote user can view the CSV file.
The vendor reported that a remote user can view the CSV file regardless of the 'allow_anon_view' setting.

Impact: A remote user can view the CSV file.

Solution: The vendor has released a fixed version (0.8.3), available at:
http://phpwscontacts.sourceforge.net/#downloads

Vendor URL: sourceforge.net/forum/forum.php?forum_id=370315
Cause: Access control error
Underlying OS: Linux (Any), UNIX (Any), Windows (Any)

Message History:
None.

Source Message Contents

Date: Mon, 26 Apr 2004 16:02:34 -0400
Subject: http://sourceforge.net/forum/forum.php?forum_id=370315
http://sourceforge.net/forum/forum.php?forum_id=370315
http://phpwscontacts.sourceforge.net/
> Posted By: rizzo
> Date: 2004-04-21 20:24
> Summary: phpwsContacts 0.8.3 Released
> Fixed a security hole that allowed anonymous people to export the CSV file regardless
> of allow_anon_view setting. Also made more fields available for browse templates for
> those people wanting to customize it.