Description
Just another flat file (JAF) CMS before 3.0 Final allows remote attackers to obtain sensitive information via (1) an * (asterisk) in the id parameter, (2) a blank id parameter, or (3) an * (asterisk) in the disp parameter to index.php, which reveals the path in an error message. NOTE: a followup suggests that this may be a directory traversal or file inclusion vulnerability.
Product(s):
- Salim's Softhouse JAF CMS 1.0 Final
- Salims Softhouse JAF CMS 1.5
- Salims Softhouse JAF CMS 2.0.5
- Salims Softhouse JAF CMS 2.0 Beta
- Salims Softhouse JAF CMS 2.0 Final
- Salims Softhouse JAF CMS 2.1.0
- Salims Softhouse JAF CMS 2.5
- Salims Softhouse JAF CMS 3.0 RC2
- Salims Softhouse JAF CMS 3.0 RC
- Salims Softhouse JAF CMS 3.0 RC Fixed
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2005-2053, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2005-2053 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.