exploitDog

CVE-2005-1698

Опубликовано: 24 мая 2005

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message.

Ссылки

http://marc.info/?l=bugtraq&m=111670506926649&w=2
Third Party Advisory
http://marc.info/?l=bugtraq&m=111670506926649&w=2
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:postnuke:postnuke:0.750:*:*:*:*:*:*:*

cpe:2.3:a:postnuke:postnuke:0.760:rc3:*:*:*:*:*:*

EPSS

Процентиль: 55%

0.00319

Низкий

5 Medium

CVSS2

Дефекты

CWE-425

Связанные уязвимости

GHSA-hhhx-jq47-9gv3

github

почти 4 года назад

PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message.

EPSS

Процентиль: 55%

0.00319

Низкий

5 Medium

CVSS2

Дефекты

CWE-425