Details of VAR-200312-0304

ID

VAR-200312-0304

CVE

CVE-2003-1526

TITLE

PHP-Nuke Search field path leak vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200312-189

DESCRIPTION

PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message. PHP-Nuke is prone to a path disclosure vulnerability. Path information will be displayed in error output when invalid input is supplied in search fields. This issue may be related to a number of previously reported vulnerabilities in PHP-Nuke. PHP-Nuke is a popular website creation and management tool, it can use many database software as backend, such as MySQL, PostgreSQL, mSQL, Interbase, Sybase, etc. PHP-Nuke does not properly handle search requests submitted by users. Attackers can use this information to carry out further attacks on the system

Trust: 1.26

sources: NVD: CVE-2003-1526 // BID: 8848 // VULHUB: VHN-8351

AFFECTED PRODUCTS

vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.0	Trust: 1.6
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.0	Trust: 0.3

sources: BID: 8848 // CNNVD: CNNVD-200312-189 // NVD: CVE-2003-1526

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2003-1526
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200312-189
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-8351
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2003-1526
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-8351
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:N/I:P/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	NONE
integrityImpact:	PARTIAL
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-8351 // CNNVD: CNNVD-200312-189 // NVD: CVE-2003-1526

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.1

sources: VULHUB: VHN-8351 // NVD: CVE-2003-1526

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-189

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200312-189

EXTERNAL IDS

db:	BID	id:	8848	Trust: 2.0
db:	NVD	id:	CVE-2003-1526	Trust: 1.7
db:	CNNVD	id:	CNNVD-200312-189	Trust: 0.7
db:	BUGTRAQ	id:	20031018 PHP-NUKE PATH DISCLOSURE VULNERABILITY	Trust: 0.6
db:	NSFOCUS	id:	5570	Trust: 0.6
db:	VULHUB	id:	VHN-8351	Trust: 0.1

sources: VULHUB: VHN-8351 // BID: 8848 // CNNVD: CNNVD-200312-189 // NVD: CVE-2003-1526

REFERENCES

url:	http://www.securityfocus.com/bid/8848	Trust: 1.7
url:	http://www.securityfocus.com/archive/1/341743	Trust: 1.7
url:	http://www.nsfocus.net/vulndb/5570	Trust: 0.6
url:	http://www.irannuke.com/	Trust: 0.3
url:	/archive/1/341743	Trust: 0.3

sources: VULHUB: VHN-8351 // BID: 8848 // CNNVD: CNNVD-200312-189 // NVD: CVE-2003-1526

CREDITS

Bahaa Naamneh※ b_naamneh@hotmail.com

Trust: 0.6

sources: CNNVD: CNNVD-200312-189

SOURCES

db:	VULHUB	id:	VHN-8351
db:	BID	id:	8848
db:	CNNVD	id:	CNNVD-200312-189
db:	NVD	id:	CVE-2003-1526

LAST UPDATE DATE

2024-08-14T14:59:26.458000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-8351	date:	2008-09-05T00:00:00
db:	BID	id:	8848	date:	2003-10-18T00:00:00
db:	CNNVD	id:	CNNVD-200312-189	date:	2003-12-31T00:00:00
db:	NVD	id:	CVE-2003-1526	date:	2008-09-05T20:37:10.007

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-8351	date:	2003-12-31T00:00:00
db:	BID	id:	8848	date:	2003-10-18T00:00:00
db:	CNNVD	id:	CNNVD-200312-189	date:	2003-10-18T00:00:00
db:	NVD	id:	CVE-2003-1526	date:	2003-12-31T05:00:00