Vulnerability Description: - w-agora version 4.2.1 has multiple path disclosure vulnerabilities allowing the attacker to disclose the true path of the server-side scripts. CVE: - CVE-2007-0606 Severity: - Risk: Low CVSS Metrics: - Access Vector: Remote - Access Complexity: Low - Authentication: Not required - Confidentiality Impact: Partial - Integrity Impact: None - Availability Impact: None - CVSS Base Score: 2.3 Vulnerability Impact: - Attack - Host Impact: Path disclosure Vulnerable Systems: - w-agora version 4.2.1 Vulnerability Type: - Program flaw in the delete_forum.php and index.php scripts leading to Warnings or even Fatal Errors. Vendor Status: - The vendor has been notified but has not responded. Workaround: - Set PHP register_globals to Off. - Disable warning messages or modify the .htaccess file.