ID

VAR-200502-0080


CVE

CVE-2005-0433


TITLE

PHP-Nuke Multiple File Parameters Path Information Disclosure Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200502-060

DESCRIPTION

PHP-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message. It is reported that PHP-Nuke is affected by various cross-site scripting vulnerabilities. These issues are due to a failure of the application to properly sanitize user-supplied URI input. These issues could permit a remote attacker to create a malicious URI link that includes hostile HTML and script code. If this link were to be followed, the hostile code may be rendered in the web browser of the victim user. This would occur in the security context of the affected web site and may allow for theft of cookie-based authentication credentials. PHP-Nuke is a widely popular website creation and management tool.

Trust: 1.35

sources: NVD: CVE-2005-0433 // BID: 12561 // VULHUB: VHN-11642 // VULMON: CVE-2005-0433

AFFECTED PRODUCTS

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.7

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.9

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.0

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.6

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.5_rc2

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.5_rc3

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.5_rc1

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.5

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.5_beta1

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 6.5_final

Trust: 1.6

vendor: francisco burzi // model: php-nuke // scope: eq // version: 7.1

Trust: 1.0

vendor: francisco burzi // model: php-nuke // scope: eq // version: 7.3

Trust: 1.0

vendor: francisco burzi // model: php-nuke // scope: eq // version: 7.2

Trust: 1.0

vendor: francisco burzi // model: php-nuke // scope: eq // version: 7.6

Trust: 1.0

vendor: francisco burzi // model: php-nuke // scope: eq // version: 7.0_final

Trust: 1.0

vendor: francisco burzi // model: php-nuke // scope: eq // version: 7.0

Trust: 1.0

vendor: francisco // model: burzi php-nuke // scope: eq // version: 7.6

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 7.3

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 7.2

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 7.1

Trust: 0.3

vendor: francisco // model: burzi php-nuke final // scope: eq // version: 7.0

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 7.0

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 6.9

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 6.7

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 6.6

Trust: 0.3

vendor: francisco // model: burzi php-nuke rc3 // scope: eq // version: 6.5

Trust: 0.3

vendor: francisco // model: burzi php-nuke rc2 // scope: eq // version: 6.5

Trust: 0.3

vendor: francisco // model: burzi php-nuke rc1 // scope: eq // version: 6.5

Trust: 0.3

vendor: francisco // model: burzi php-nuke final // scope: eq // version: 6.5

Trust: 0.3

vendor: francisco // model: burzi php-nuke beta // scope: eq // version: 6.51

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 6.5

Trust: 0.3

vendor: francisco // model: burzi php-nuke // scope: eq // version: 6.0

Trust: 0.3

sources: BID: 12561 // CNNVD: CNNVD-200502-060 // NVD: CVE-2005-0433

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-0433
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200502-060
value: MEDIUM

Trust: 0.6

VULHUB: VHN-11642
value: MEDIUM

Trust: 0.1

VULMON: CVE-2005-0433
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-0433
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-11642
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-11642 // VULMON: CVE-2005-0433 // CNNVD: CNNVD-200502-060 // NVD: CVE-2005-0433

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-0433

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200502-060

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-200502-060

EXTERNAL IDS

db: BID // id: 12561

Trust: 2.1

db: NVD // id: CVE-2005-0433

Trust: 1.8

db: CNNVD // id: CNNVD-200502-060

Trust: 0.7

db: XF // id: 19344

Trust: 0.6

db: VULHUB // id: VHN-11642

Trust: 0.1

db: VULMON // id: CVE-2005-0433

Trust: 0.1

sources: VULHUB: VHN-11642 // VULMON: CVE-2005-0433 // BID: 12561 // CNNVD: CNNVD-200502-060 // NVD: CVE-2005-0433

REFERENCES

url:http://www.securityfocus.com/bid/12561

Trust: 1.8

url:http://www.waraxe.us/advisory-40.html

Trust: 1.8

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/19344

Trust: 1.2

url:http://xforce.iss.net/xforce/xfdb/19344

Trust: 0.6

url:http://www.irannuke.com/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: VULHUB: VHN-11642 // VULMON: CVE-2005-0433 // BID: 12561 // CNNVD: CNNVD-200502-060 // NVD: CVE-2005-0433

CREDITS

Discovery of these vulnerabilities is credited to Janek Vind 'waraxe'.

Trust: 0.6

sources: CNNVD: CNNVD-200502-060

SOURCES

db: VULHUB // id: VHN-11642
db: VULMON // id: CVE-2005-0433
db: BID // id: 12561
db: CNNVD // id: CNNVD-200502-060
db: NVD // id: CVE-2005-0433

LAST UPDATE DATE

2024-08-14T14:08:55.370000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-11642 // date: 2017-07-11T00:00:00
db: VULMON // id: CVE-2005-0433 // date: 2017-07-11T00:00:00
db: BID // id: 12561 // date: 2005-02-15T00:00:00
db: CNNVD // id: CNNVD-200502-060 // date: 2005-10-20T00:00:00
db: NVD // id: CVE-2005-0433 // date: 2017-07-11T01:32:17.467

SOURCES RELEASE DATE

db: VULHUB // id: VHN-11642 // date: 2005-02-15T00:00:00
db: VULMON // id: CVE-2005-0433 // date: 2005-02-15T00:00:00
db: BID // id: 12561 // date: 2005-02-15T00:00:00
db: CNNVD // id: CNNVD-200502-060 // date: 2005-02-15T00:00:00
db: NVD // id: CVE-2005-0433 // date: 2005-02-15T05:00:00