Sign-up

ID

VAR-200312-0469


CVE

CVE-2003-1468


TITLE

PHP-Nuke Web_Links Module path leak vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200312-377

DESCRIPTION

The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. The Web_Links module for PHP-Nuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker. An attacker may use the information gathered in this manner to mount further attacks against the host. It should be noted that although PHP-Nuke version 6.x has been reported vulnerable, other versions might also be affected. There is a vulnerability in the Web_Links module of PHP-Nuke versions 6.0 to 6.5 Ultimate

Trust: 1.26

sources: NVD: CVE-2003-1468 // BID: 7589 // VULHUB: VHN-8293

AFFECTED PRODUCTS

vendor:francisco burzimodel:php-nukescope:eqversion:6.0

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_rc2

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_rc3

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_rc1

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_beta1

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_final

Trust: 1.6

vendor:franciscomodel:burzi php-nuke rc3scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke rc2scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke rc1scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke finalscope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke betascope:eqversion:6.51

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.0

Trust: 0.3

sources: BID: 7589 // CNNVD: CNNVD-200312-377 // NVD: CVE-2003-1468

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2003-1468
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200312-377
value: MEDIUM

Trust: 0.6

VULHUB: VHN-8293
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2003-1468
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-8293
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-8293 // CNNVD: CNNVD-200312-377 // NVD: CVE-2003-1468

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.1

sources: VULHUB: VHN-8293 // NVD: CVE-2003-1468

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200312-377

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200312-377

EXPLOIT AVAILABILITY

sources:
            
            
            VULHUB: VHN-8293

EXTERNAL IDS
db:BIDid:7589
Trust: 2.0
db:NVDid:CVE-2003-1468
Trust: 1.7
db:CNNVDid:CNNVD-200312-377
Trust: 0.7
db:XFid:12436
Trust: 0.6
db:BUGTRAQid:20030512 RE: LOT OF SQL INJECTION ON PHP-NUKE 6.5 (SECURE WEBLOG!)
Trust: 0.6
db:EXPLOIT-DBid:22598
Trust: 0.1
db:SEEBUGid:SSVID-76397
Trust: 0.1
db:VULHUBid:VHN-8293
Trust: 0.1
sources:
            
            
            VULHUB: VHN-8293 // 
            
            
            
            BID: 7589 // 
            
            
            
            CNNVD: CNNVD-200312-377 // 
            
            
            
            NVD: CVE-2003-1468

REFERENCES
url:http://www.securityfocus.com/bid/7589
Trust: 1.7
url:http://www.securityfocus.com/archive/1/321313
Trust: 1.7
url:https://exchange.xforce.ibmcloud.com/vulnerabilities/12436
Trust: 1.1
url:http://xforce.iss.net/xforce/xfdb/12436
Trust: 0.6
url:http://www.irannuke.com/
Trust: 0.3
url:/archive/1/321313
Trust: 0.3
sources:
            
            
            VULHUB: VHN-8293 // 
            
            
            
            BID: 7589 // 
            
            
            
            CNNVD: CNNVD-200312-377 // 
            
            
            
            NVD: CVE-2003-1468

CREDITS
Discovery of this vulnerability has been credited to Rynho Zeros Web <hackargentino@gmx.net>.
Trust: 0.9
sources:
            
            
            BID: 7589 // 
            
            
            
            CNNVD: CNNVD-200312-377

SOURCES
db:VULHUBid:VHN-8293
db:BIDid:7589
db:CNNVDid:CNNVD-200312-377
db:NVDid:CVE-2003-1468

LAST UPDATE DATE
2024-08-14T14:29:29.293000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-8293date:2017-07-29T00:00:00
db:BIDid:7589date:2003-05-13T00:00:00
db:CNNVDid:CNNVD-200312-377date:2003-12-31T00:00:00
db:NVDid:CVE-2003-1468date:2017-07-29T01:29:13.263

SOURCES RELEASE DATE
db:VULHUBid:VHN-8293date:2003-12-31T00:00:00
db:BIDid:7589date:2003-05-13T00:00:00
db:CNNVDid:CNNVD-200312-377date:2003-12-31T00:00:00
db:NVDid:CVE-2003-1468date:2003-12-31T05:00:00