Vigil@nce - SPIP: obtaining the installation path via filtres_images
October 2011 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use an invalid query, in order to generate an
error which displays the installation path of SPIP.
Severity: 1/4
Creation date: 27/10/2011
IMPACTED PRODUCTS
– SPIP
DESCRIPTION OF THE VULNERABILITY
The filtres_images and porte_plume extensions of SPIP use PHP
files, which are conceived to be included from other PHP files.
However, if these files are directly called via an HTTP query,
some variables are not initialized, and an error message is
displayed if the "display_errors" directive of PHP is set. This
error message contains the full installation path of these files.
An attacker can therefore use an invalid query, in order to
generate an error which displays the installation path of SPIP.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/SPIP-obtaining-the-installation-path-via-filtres-images-11101