Vulnerability Name:
CVE-2005-1024 (CCN-44980)
Assigned:
2005-04-03
Published:
2005-04-03
Updated:
2017-07-11
Summary:
modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message.
CVSS v3 Severity:
5.3 Medium
(CCN CVSS v3.1 Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
)
Exploitability Metrics:
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope:
Scope (S):
Unchanged
Impact Metrics:
Confidentiality (C):
Low
Integrity (I):
None
Availibility (A):
None
CVSS v2 Severity:
5.0 Medium
(CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
)
4.3 Medium
(Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availibility (A):
None
5.0 Medium
(CCN CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
)
4.3 Medium
(CCN Temporal CVSS v2 Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C
)
Exploitability Metrics:
Access Vector (AV):
Network
Access Complexity (AC):
Low
Athentication (Au):
None
Impact Metrics:
Confidentiality (C):
Partial
Integrity (I):
None
Availibility (A):
None
Vulnerability Type:
CWE-Other
Vulnerability Consequences:
Obtain Information
References:
Source: CCN
Type: BugTraq Mailing List, Mon Apr 04 2005 - 16:50:25 CDT
PhpNuke 7.6=>x Multiple vulnerabilities cXIb8O3.12
Source: CCN
Type: BugTraq Mailing List, Sun Apr 03 2005 - 16:17:23 CDT
Full path disclosure and XSS in PHPNuke
Source: MITRE
Type: CNA
CVE-2005-1024
Source: BUGTRAQ
Type: UNKNOWN
20050403 Full path disclosure and XSS in PHPNuke
Source: CCN
Type: OSVDB ID: 15418
PHP-Nuke Encyclopedia Module Path Disclosure
Source: CCN
Type: PHP-Nuke Web site
PHP-Nuke
Source: CCN
Type: SecurityReason-2005-SRA#04
Full path disclosure and XSS in PHPNuke
Source: MISC
Type: Exploit, Patch, Vendor Advisory
http://www.securityreason.com/adv/PHPNuke%206.x-7.6-p1.txt
Source: XF
Type: UNKNOWN
phpnuke-modulesphp-path-disclosure(19953)
Source: XF
Type: UNKNOWN
phpnuke-myheadlines-path-disclosure(44980)
Source: XF
Type: UNKNOWN
phpnuke-myheadlines-path-disclosure(44980)
Vulnerable Configuration:
Configuration 1
:
cpe:/a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:7.4:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:7.5:*:*:*:*:*:*:*
OR
cpe:/a:francisco_burzi:php-nuke:7.6:*:*:*:*:*:*:*
Configuration CCN 1
:
cpe:/a:phpnuke:php-nuke:6.0:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:6.7:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.0:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.4:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.6:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.5:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:6.5:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.1:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.2:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:7.3:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:6.6:*:*:*:*:*:*:*
OR
cpe:/a:phpnuke:php-nuke:6.9:*:*:*:*:*:*:*
Denotes that component is vulnerable
BACK
francisco_burzi
php-nuke 6.0
francisco_burzi
php-nuke 6.5
francisco_burzi
php-nuke 6.5_beta1
francisco_burzi
php-nuke 6.5_final
francisco_burzi
php-nuke 6.5_rc1
francisco_burzi
php-nuke 6.5_rc2
francisco_burzi
php-nuke 6.5_rc3
francisco_burzi
php-nuke 6.6
francisco_burzi
php-nuke 6.7
francisco_burzi
php-nuke 6.9
francisco_burzi
php-nuke 7.0
francisco_burzi
php-nuke 7.0_final
francisco_burzi
php-nuke 7.1
francisco_burzi
php-nuke 7.2
francisco_burzi
php-nuke 7.3
francisco_burzi
php-nuke 7.4
francisco_burzi
php-nuke 7.5
francisco_burzi
php-nuke 7.6
phpnuke
php-nuke 6.0
phpnuke
php-nuke 6.7
phpnuke
php-nuke 7.0
phpnuke
php-nuke 7.4
phpnuke
php-nuke 7.6
phpnuke
php-nuke 7.5
phpnuke
php-nuke 6.5
phpnuke
php-nuke 7.1
phpnuke
php-nuke 7.2
phpnuke
php-nuke 7.3
phpnuke
php-nuke 6.6
phpnuke
php-nuke 6.9