Details of VAR-200403-0128

ID

VAR-200403-0128

CVE

CVE-2004-1839

TITLE

PHP-Nuke MS-Analysis Module Multiple Remote Path Disclosure Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200403-095

DESCRIPTION

MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. Reportedly MS-Analysis is prone to a remote information disclosure vulnerability. This issue is due to a design error that displays sensitive system information when certain errors are triggered. The problem presents itself when an error condition is triggered in all scripts residing in the 'scripts' directory of the MS-Analysis directory. It has also been reported that this issue affects the 'mstrack.php' and 'title.php' scripts in the MS-Analysis root directory. These issues may be leveraged to gain sensitive information about the affected system potentially aiding an attacker in mounting further attacks. Version 2.0 of the MS Analysis module of PHP-Nuke is vulnerable. This vulnerability discloses the full path in the PHP error message

Trust: 1.26

sources: NVD: CVE-2004-1839 // BID: 9946 // VULHUB: VHN-10268

AFFECTED PRODUCTS

vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.7	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.9	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.0	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.6	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc2	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc3	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc1	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_beta1	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_final	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.0_final	Trust: 1.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5	Trust: 1.0
vendor:	ms analysis	model:	website traffic analyzer	scope:	eq	version:	2.0	Trust: 0.3

sources: BID: 9946 // CNNVD: CNNVD-200403-095 // NVD: CVE-2004-1839

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-1839
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200403-095
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-10268
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-1839
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-10268
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-10268 // CNNVD: CNNVD-200403-095 // NVD: CVE-2004-1839

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-1839

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200403-095

TYPE

Design Error

Trust: 0.9

sources: BID: 9946 // CNNVD: CNNVD-200403-095

EXTERNAL IDS

db:	BID	id:	9946	Trust: 2.0
db:	NVD	id:	CVE-2004-1839	Trust: 1.7
db:	CNNVD	id:	CNNVD-200403-095	Trust: 0.7
db:	BUGTRAQ	id:	20040322 [WARAXE-2004-SA#011 MULTIPLE VULNERABILITIES IN MS ANALYSIS V2.0 MODULE FOR PHPNUKE]	Trust: 0.6
db:	VULHUB	id:	VHN-10268	Trust: 0.1

sources: VULHUB: VHN-10268 // BID: 9946 // CNNVD: CNNVD-200403-095 // NVD: CVE-2004-1839

REFERENCES

url:	http://www.securityfocus.com/bid/9946	Trust: 1.7
url:	http://marc.info/?l=bugtraq&m=108006319730976&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=108006319730976&w=2	Trust: 0.6
url:	http://www.matyscripts.com/modules.php?name=matyfront&pageoverview=1	Trust: 0.3
url:	http://www.irannuke.com/	Trust: 0.3
url:	/archive/1/358325	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=108006319730976&w=2	Trust: 0.1

sources: VULHUB: VHN-10268 // BID: 9946 // CNNVD: CNNVD-200403-095 // NVD: CVE-2004-1839

CREDITS

Janek Vind

Trust: 0.6

sources: CNNVD: CNNVD-200403-095

SOURCES

db:	VULHUB	id:	VHN-10268
db:	BID	id:	9946
db:	CNNVD	id:	CNNVD-200403-095
db:	NVD	id:	CVE-2004-1839

LAST UPDATE DATE

2024-08-14T14:23:05.738000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-10268	date:	2016-10-18T00:00:00
db:	BID	id:	9946	date:	2004-03-22T00:00:00
db:	CNNVD	id:	CNNVD-200403-095	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-1839	date:	2016-10-18T03:01:25.357

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-10268	date:	2004-03-22T00:00:00
db:	BID	id:	9946	date:	2004-03-22T00:00:00
db:	CNNVD	id:	CNNVD-200403-095	date:	2004-03-22T00:00:00
db:	NVD	id:	CVE-2004-1839	date:	2004-03-22T05:00:00