VID | 21876
Severity | 30
Port | 80, ...
Protocol | TCP
Class | CGI
Detailed Description |
Clever Copy is vulnerable to information disclosure via the admin/connect.inc file. Clever Copy is a freely available Web portal and news posting system written in PHP. Clever Copy version 3.0 and earlier versions could allow a remote attacker to access the 'admin/connect.inc' include file. By requesting 'admin/connect.inc' directly, a remote attacker could view the database username and password that the application uses to connect to its database.
* References:
  http://www.securityfocus.com/archive/1/archive/1/430369/100/0/threaded
  http://advisories.echo.or.id/adv/adv28-K-159-2006.txt
  http://www.frsirt.com/english/advisories/2006/1316
  http://secunia.com/advisories/19579/
* Platforms Affected:
  Clever Copy version 3.0 and earlier versions
  Any operating system, any version
Recommendation |
No upgrade or patch available as of April 2006.
Upgrade to a version of Clever Copy greater than 3.0 when a fixed version becomes available from the Clever Copy download Web site at http://clevercopy.bestdirectbuy.com/downloads.php
As a workaround, restrict access to Clever Copy's admin directory with an ".htaccess" file.
Related URL | CVE-2006-1718 (CVE)
Related URL | 17461 (SecurityFocus)
Related URL | 25720 (ISS)