Details of VAR-200407-0028

ID

VAR-200407-0028

CVE

CVE-2004-0736

TITLE

Php-Nuke Information disclosure vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200407-061

DESCRIPTION

The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message. PHP-Nuke is prone to a information disclosure vulnerability. There is a vulnerability in Php-Nuke's search module

Trust: 1.26

sources: NVD: CVE-2004-0736 // BID: 90578 // VULHUB: VHN-9166

AFFECTED PRODUCTS

vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	8.0_final	Trust: 1.6
vendor:	francisco	model:	burzi php-nuke final	scope:	eq	version:	8.0	Trust: 0.3

sources: BID: 90578 // CNNVD: CNNVD-200407-061 // NVD: CVE-2004-0736

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2004-0736
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200407-061
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-9166
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2004-0736
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-9166
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-9166 // CNNVD: CNNVD-200407-061 // NVD: CVE-2004-0736

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2004-0736

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200407-061

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200407-061

EXTERNAL IDS

db:	NVD	id:	CVE-2004-0736	Trust: 2.0
db:	XF	id:	16736	Trust: 0.9
db:	CNNVD	id:	CNNVD-200407-061	Trust: 0.7
db:	BUGTRAQ	id:	20040718 [WARAXE-2004-SA#036 - MULTIPLE SECURITY HOLES IN PHPNUKE - PART 3]	Trust: 0.6
db:	BID	id:	90578	Trust: 0.4
db:	VULHUB	id:	VHN-9166	Trust: 0.1

sources: VULHUB: VHN-9166 // BID: 90578 // CNNVD: CNNVD-200407-061 // NVD: CVE-2004-0736

REFERENCES

url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/16736	Trust: 1.1
url:	http://marc.info/?l=bugtraq&m=109026609504767&w=2	Trust: 1.0
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=109026609504767&w=2	Trust: 0.9
url:	http://xforce.iss.net/xforce/xfdb/16736	Trust: 0.9
url:	http://marc.info/?l=bugtraq&m=109026609504767&w=2	Trust: 0.1

sources: VULHUB: VHN-9166 // BID: 90578 // CNNVD: CNNVD-200407-061 // NVD: CVE-2004-0736

CREDITS

Unknown

Trust: 0.3

sources: BID: 90578

SOURCES

db:	VULHUB	id:	VHN-9166
db:	BID	id:	90578
db:	CNNVD	id:	CNNVD-200407-061
db:	NVD	id:	CVE-2004-0736

LAST UPDATE DATE

2024-08-14T13:40:15.884000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-9166	date:	2017-07-11T00:00:00
db:	BID	id:	90578	date:	2004-07-27T00:00:00
db:	CNNVD	id:	CNNVD-200407-061	date:	2005-10-20T00:00:00
db:	NVD	id:	CVE-2004-0736	date:	2017-07-11T01:30:25.637

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-9166	date:	2004-07-27T00:00:00
db:	BID	id:	90578	date:	2004-07-27T00:00:00
db:	CNNVD	id:	CNNVD-200407-061	date:	2004-07-27T00:00:00
db:	NVD	id:	CVE-2004-0736	date:	2004-07-27T04:00:00