CVE-2005-1995

Description

Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive information via direct request to (1) subscr_form.php or (2) dbquery_error.php, which reveals the path in an error message.

Affected products

• Bitrix / bitrix_site_manager4.0.0 – 4.0.0
• Bitrix / bitrix_site_manager4.0.2 – 4.0.2
• Bitrix / bitrix_site_manager4.0.3 – 4.0.3
• Bitrix / bitrix_site_manager4.0.4 – 4.0.4
• Bitrix / bitrix_site_manager4.0.5 – 4.0.5
• Bitrix / bitrix_site_manager4.0.6 – 4.0.6
• Bitrix / bitrix_site_manager4.0.7 – 4.0.7
• Bitrix / bitrix_site_manager4.0.8 – 4.0.8

References

• MAILING_LISThttp://marc.info/?l=bugtraq&m=111885652331100&w=2
• MISChttp://www.osvdb.org/17348
• MISChttp://www.osvdb.org/17376
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/21019