Vulnerability Name: | CCN-12355 | ||||||
Published: | 2003-05-18 | ||||||
Updated: | 2003-05-18 | ||||||
Summary: | PHP-Nuke could allow a remote attacker to obtain sensitive information, caused by a vulnerability in the Sections, AvantGo, and Surveys and Downloads modules. A remote attacker could send a specially-crafted URL request to the modules.php script using a specific variable to cause the server to disclose path information. | ||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||
CVSS v2 Severity: | 5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||
Vulnerability Consequences: | Obtain Information | ||||||
References: | Source: CCN Type: BugTraq Mailing List, Sun May 18 2003 - 05:01:30 CDT PHP-Nuke Denial of Service attack and more SQL Injections Source: CCN Type: PHP-Nuke Web site PHP-Nuke Source: XF Type: UNKNOWN phpnuke-multiple-path-disclosure(12355) | ||||||
Vulnerable Configuration: | Configuration CCN 1:![]() | ||||||
BACK |