CVE-2005-0433

Опубликовано: 15 фев. 2005

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message.

Ссылки

http://www.securityfocus.com/bid/12561
Exploit
Vendor Advisory
http://www.waraxe.us/advisory-40.html
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/19344
http://www.securityfocus.com/bid/12561
Exploit
Vendor Advisory
http://www.waraxe.us/advisory-40.html
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/19344

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:francisco_burzi:php-nuke:6.0:*:*:*:*:*:*:*

cpe:2.3:a:francisco_burzi:php-nuke:6.5:*:*:*:*:*:*:*

cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1:*:*:*:*:*:*:*

cpe:2.3:a:francisco_burzi:php-nuke:6.5_final:*:*:*:*:*:*:*

cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1:*:*:*:*:*:*:*

cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2:*:*:*:*:*:*:*

cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3:*:*:*:*:*:*:*

cpe:2.3:a:francisco_burzi:php-nuke:6.6:*:*:*:*:*:*:*

cpe:2.3:a:francisco_burzi:php-nuke:6.7:*:*:*:*:*:*:*

cpe:2.3:a:francisco_burzi:php-nuke:6.9:*:*:*:*:*:*:*

cpe:2.3:a:francisco_burzi:php-nuke:7.0:*:*:*:*:*:*:*

cpe:2.3:a:francisco_burzi:php-nuke:7.0_final:*:*:*:*:*:*:*

cpe:2.3:a:francisco_burzi:php-nuke:7.1:*:*:*:*:*:*:*

cpe:2.3:a:francisco_burzi:php-nuke:7.2:*:*:*:*:*:*:*

cpe:2.3:a:francisco_burzi:php-nuke:7.3:*:*:*:*:*:*:*

cpe:2.3:a:francisco_burzi:php-nuke:7.6:*:*:*:*:*:*:*

EPSS

Процентиль: 9%

0.00032

Низкий

5 Medium

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-gxv8-vjmg-j2hg

github

почти 4 года назад