Description
Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g allows remote attackers to obtain sensitive information via a direct HTTP request to the config.inc file.
Product(s):
- Wikindx Wikindx 0.9.1
- Wikindx 0.9.2
- Wikindx 0.9.3
- Wikindx 0.9.4
- Wikindx 0.9.5
- Wikindx 0.9.6
- Wikindx 0.9.7
- Wikindx 0.9.8
- Wikindx 0.9.9
- Wikindx 0.9.9b
- Wikindx 0.9.9c
- Wikindx 0.9.9d
- Wikindx 0.9.9e
- Wikindx 0.9.9f
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-2506, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-2506 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.