| Vulnerability Name: | CVE-2005-1001 (CCN-19953) | ||||||||
| Assigned: | 2005-04-03 | ||||||||
| Published: | 2005-04-03 | ||||||||
| Updated: | 2017-07-11 | ||||||||
| Summary: | PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message. | ||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 4.3 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: BUGTRAQ Type: Exploit, Patch, Vendor Advisory 20050404 [SECURITYREASON.COM] PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12 Source: CCN Type: BugTraq Mailing List, Mon Apr 04 2005 - 16:50:25 CDT PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12 Source: CCN Type: BugTraq Mailing List, Sun Apr 03 2005 - 16:17:23 CDT Full path disclosure and XSS in PHPNuke Source: MITRE Type: CNA CVE-2005-1001 Source: CCN Type: OSVDB ID: 15401 PHP-Nuke Surveys Module Multiple Parameter Path Disclosure Source: CCN Type: OSVDB ID: 15402 PHP-Nuke 3D-Fantasy theme.php Path Disclosure Source: CCN Type: PHP-Nuke Web site PHP-Nuke Source: CCN Type: SecurityReason-2005-SRA#04 Full path disclosure and XSS in PHPNuke Source: XF Type: UNKNOWN phpnuke-surveys-theme-path-disclosure(19953) Source: XF Type: UNKNOWN phpnuke-modulesphp-path-disclosure(19953) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||