N/A

LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message.

N/A

N/A

LifeType 'class/和plugins/' 安全信息泄露漏洞

LifeType存在安全信息泄露漏洞。(1)class/和(2)plugins/下的PHP脚本未采取足够访问控制，远程攻击者可通过直接请求其中任意脚本来获取安装路径，如通过(a)bayesianfilter.class.php和(b)bootstrap.php，导致系统在出错消息内泄露路径。

N/A

N/A