Sign-up

ID

VAR-200505-0268


CVE

CVE-2005-1386


TITLE

PHP-Nuke Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-200505-825

DESCRIPTION

PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to Web_Links with the portuguese language (lang-portuguese.php), (7) a request to Web_Links with the indonesian language (lang-indonesian.php), (8) a request to the survey module with the indonesian language (lang-indonesian.php), (9) a request to the Reviews module with the portuguese language, or (10) a request to the Journal module with the portuguese language, which reveal the path in an error message. PHP-Nuke is prone to a information disclosure vulnerability

Trust: 1.26

sources: NVD: CVE-2005-1386 // BID: 90067 // VULHUB: VHN-12595

AFFECTED PRODUCTS

vendor:francisco burzimodel:php-nukescope:eqversion:6.7

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.0

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.2

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.4

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.1

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.3

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.6

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.5

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.9

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:7.0_final

Trust: 1.6

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_rc3

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_rc2

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_final

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion:6.0

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_rc1

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion:6.5

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion:6.6

Trust: 1.0

vendor:francisco burzimodel:php-nukescope:eqversion:6.5_beta1

Trust: 1.0

vendor:franciscomodel:burzi php-nukescope:eqversion:7.6

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.5

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.4

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.3

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.2

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.1

Trust: 0.3

vendor:franciscomodel:burzi php-nuke finalscope:eqversion:7.0

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:7.0

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.9

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.7

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.6

Trust: 0.3

vendor:franciscomodel:burzi php-nuke rc3scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke rc2scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke rc1scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke finalscope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nuke beta1scope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.5

Trust: 0.3

vendor:franciscomodel:burzi php-nukescope:eqversion:6.0

Trust: 0.3

sources: BID: 90067 // CNNVD: CNNVD-200505-825 // NVD: CVE-2005-1386

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2005-1386
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-200505-825
value: MEDIUM

Trust: 0.6

VULHUB: VHN-12595
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2005-1386
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-12595
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-12595 // CNNVD: CNNVD-200505-825 // NVD: CVE-2005-1386

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2005-1386

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-825

TYPE

unknown

Trust: 0.6

sources: CNNVD: CNNVD-200505-825

EXTERNAL IDS

db:NVDid:CVE-2005-1386

Trust: 2.0

db:CNNVDid:CNNVD-200505-825

Trust: 0.7

db:BUGTRAQid:20050429 MULTIPLES FULL PATH DISCLOSURE IN PHP-NUKE 7.6 (AND BELOW)

Trust: 0.6

db:BIDid:90067

Trust: 0.4

db:VULHUBid:VHN-12595

Trust: 0.1

sources: VULHUB: VHN-12595 // BID: 90067 // CNNVD: CNNVD-200505-825 // NVD: CVE-2005-1386

REFERENCES

url:http://marc.info/?l=bugtraq&m=111478982629035&w=2

Trust: 1.0

url:http://marc.theaimsgroup.com/?l=bugtraq&m=111478982629035&w=2

Trust: 0.9

url:http://marc.info/?l=bugtraq&m=111478982629035&w=2

Trust: 0.1

sources: VULHUB: VHN-12595 // BID: 90067 // CNNVD: CNNVD-200505-825 // NVD: CVE-2005-1386

CREDITS

Unknown

Trust: 0.3

sources: BID: 90067

SOURCES

db:VULHUBid:VHN-12595
db:BIDid:90067
db:CNNVDid:CNNVD-200505-825
db:NVDid:CVE-2005-1386

LAST UPDATE DATE

2024-08-14T14:48:04.668000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-12595date:2016-10-18T00:00:00
db:BIDid:90067date:2005-05-03T00:00:00
db:CNNVDid:CNNVD-200505-825date:2005-10-20T00:00:00
db:NVDid:CVE-2005-1386date:2016-10-18T03:19:43.913

SOURCES RELEASE DATE

db:VULHUBid:VHN-12595date:2005-05-03T00:00:00
db:BIDid:90067date:2005-05-03T00:00:00
db:CNNVDid:CNNVD-200505-825date:2005-05-03T00:00:00
db:NVDid:CVE-2005-1386date:2005-05-03T04:00:00