exploitDog

CVE-2005-4880

Опубликовано: 31 мар. 2009

Источник: nvd

CVSS2: 5

EPSS Низкий

Описание

Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv.

Ссылки

http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html
Exploit
http://secunia.com/advisories/16337
Vendor Advisory
http://lostmon.blogspot.com/2005/08/jax-php-scripts-multiple.html
Exploit
http://secunia.com/advisories/16337
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:jax_scripts:jax_guestbook:3.1:*:*:*:*:*:*:*

cpe:2.3:a:jax_scripts:jax_guestbook:3.3.1:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01983

Низкий

5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-r8xv-6hx2-jxhm

github

почти 4 года назад

Jax Guestbook 3.1 and 3.31 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain IP addresses of users via a direct request to (1) guestbook, (2) guestbook_ips2block, (3) ips2block, and (4) formmailer/logfile.csv.

EPSS

Процентиль: 83%

0.01983

Низкий

5 Medium

CVSS2

Дефекты

CWE-264