Описание
PHPX 3.2.6 and earlier allows remote attackers to obtain the physical path of PHPX via a null or invalid value in the limit parameter, which leaks the pathname in a database error message, as demonstrated using forums.php.
Ссылки
- PatchURL Repurposed
- ExploitVendor Advisory
- PatchURL Repurposed
- ExploitVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:phpx:phpx:1.0.7:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:1.0.10:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:1.0.14:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:2.1.0:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.0.0:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.0.2:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.0.3:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.0.4:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.0.5:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.0.6:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.0.7:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.1.0:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:phpx:phpx:3.2.6:*:*:*:*:*:*:*
EPSS
Процентиль: 75%
0.00902
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
почти 4 года назад
PHPX 3.2.6 and earlier allows remote attackers to obtain the physical path of PHPX via a null or invalid value in the limit parameter, which leaks the pathname in a database error message, as demonstrated using forums.php.
EPSS
Процентиль: 75%
0.00902
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other