Secunia Security Advisory SA11394 - A vulnerability in WIKINDX allows remote attackers the ability to read the configuration file.
ee342545e2df7fd12434bdc4d699fb5898e616061e3500f5199f9bdce38ebf41
TITLE:
WIKINDX Exposure of Configuration File
SECUNIA ADVISORY ID:
SA11394
VERIFY ADVISORY:
http://secunia.com/advisories/11394/
CRITICAL:
Less critical
IMPACT:
Exposure of sensitive information
WHERE:
>From remote
SOFTWARE:
WIKINDX 0.x
DESCRIPTION:
Daniel Pozzi has reported a vulnerability in WIKINDX, allowing
malicious people to view the configuration file.
The configuration file was accessible via HTTP using the name
"config.inc".
Another potential input validation issue has also been reported.
This affects versions prior to 0.9.9g.
SOLUTION:
Update to version 0.9.9g:
http://sourceforge.net/project/showfiles.php?group_id=94435&package_id=109093&release_id=231421
PROVIDED AND/OR DISCOVERED BY:
Daniel Pozzi
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------