Sign-up

ID

VAR-200208-0193


CVE

CVE-2002-0483


TITLE

PHP-Nuke Error message WEBROOT Path information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200208-235

DESCRIPTION

index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname. PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. A vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a maliciously constructed HTTP request will cause the index.php script to return an error message which includes the full path of the script. It has been suggested that this is the result of an insecure server configuration. It can run under Unix and Linux operating systems, and can also run under Microsoft Windows operating systems. PHP-Nuke may leak absolute paths due to problems in handling some wrong WEB requests. Attackers can use this information to carry out further attacks on the target system

Trust: 1.26

sources: NVD: CVE-2002-0483 // BID: 4333 // VULHUB: VHN-4876

AFFECTED PRODUCTS

vendor:francisco burzimodel:php-nukescope:eqversion:5.2

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:5.1

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:5.0

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:5.0.1

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:5.4

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:5.3.1

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:5.2a

Trust: 1.6

vendor:franciscomodel:burzi php-nukescope:eqversion:5.4

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:5.3.1

Trust: 0.3

vendor:franciscomodel:burzi php-nuke ascope:eqversion:5.2

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:5.2

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:5.1

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:5.0.1

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:5.0

Trust: 0.3

sources: BID: 4333 // CNNVD: CNNVD-200208-235 // NVD: CVE-2002-0483

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2002-0483
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200208-235
value: MEDIUM

Trust: 0.6

VULHUB: VHN-4876
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2002-0483
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-4876
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-4876 // CNNVD: CNNVD-200208-235 // NVD: CVE-2002-0483

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0483

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200208-235

TYPE

Configuration Error

Trust: 0.9

sources: BID: 4333 // CNNVD: CNNVD-200208-235

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-4876

EXTERNAL IDS
db:BIDid:4333
Trust: 2.0
db:NVDid:CVE-2002-0483
Trust: 2.0
db:CNNVDid:CNNVD-200208-235
Trust: 0.7
db:XFid:8618
Trust: 0.6
db:BUGTRAQid:20020320 FW: PHPNUKE 5.4 PATH DISCLOSURE VULNERABILITY?
Trust: 0.6
db:EXPLOIT-DBid:21349
Trust: 0.1
db:SEEBUGid:SSVID-75176
Trust: 0.1
db:VULHUBid:VHN-4876
Trust: 0.1
sources:
            
            
            VULHUB: VHN-4876 // 
            
            
            
            BID: 4333 // 
            
            
            
            CNNVD: CNNVD-200208-235 // 
            
            
            
            NVD: CVE-2002-0483

REFERENCES
url:http://www.securityfocus.com/bid/4333
Trust: 2.7
url:http://online.securityfocus.com/archive/1/263337
Trust: 2.7
url:http://www.iss.net/security_center/static/8618.php
Trust: 2.7
sources:
            
            
            VULHUB: VHN-4876 // 
            
            
            
            CNNVD: CNNVD-200208-235 // 
            
            
            
            NVD: CVE-2002-0483

CREDITS
godminus※ godminus@owns.com
Trust: 0.6
sources:
            
            
            CNNVD: CNNVD-200208-235

SOURCES
db:VULHUBid:VHN-4876
db:BIDid:4333
db:CNNVDid:CNNVD-200208-235
db:NVDid:CVE-2002-0483

LAST UPDATE DATE
2024-11-22T23:07:00.518000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-4876date:2008-09-05T00:00:00
db:BIDid:4333date:2009-07-11T11:56:00
db:CNNVDid:CNNVD-200208-235date:2005-10-20T00:00:00
db:NVDid:CVE-2002-0483date:2024-11-20T23:39:11.917

SOURCES RELEASE DATE
db:VULHUBid:VHN-4876date:2002-08-12T00:00:00
db:BIDid:4333date:2002-03-21T00:00:00
db:CNNVDid:CNNVD-200208-235date:2002-03-21T00:00:00
db:NVDid:CVE-2002-0483date:2002-08-12T04:00:00