Info

Disclosure

Feb 15, 2005

Discovery

Feb 13, 2005

Dates

Exploit

Feb 15, 2005

Solution

Unknown

Description

MercuryBoard contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user manipulates the index.php script and appends "&debug=1" to it. This may disclose SQL queries, files in use, web path disclosure, and templates used resulting in a loss of confidentiality.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation, Misconfiguration
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to version 1.1.3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Mercuryboard	Mercuryboard	1.1.x
		1.0.x

References

Security Tracker: 1013626
Related OSVDB ID: 13262 13263 13264 13265 13266 13267 13764
Secunia Advisory ID: 14284
CVE ID: 2005-0460 (see also: NVD)
Other Advisory URL: http://lostmon.blogspot.com/2005/02/mercuryboard-debug-information.html

Credit

Lostmon Lords - Lostmongmail.com -

Direct URL: http://osvdb.org/13787

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Mercuryboard

Mercuryboard

References

Credit