Sensitive Information Disclosure in TOPo 1.43 via Invalid Parameter in.php and out.php

Sensitive Information Disclosure in TOPo 1.43 via Invalid Parameter in.php and out.php

CVE-2003-1409 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

TOPo 1.43 allows remote attackers to obtain sensitive information by sending an HTTP request with an invalid parameter to (1) in.php or (2) out.php, which reveals the path to the TOPo directory in the error message.

Learn more about our Web Application Penetration Testing UK.