Details of VAR-200505-1008

ID

VAR-200505-1008

CVE

CVE-2005-1028

TITLE

PHP-Nuke Security hole

Trust: 0.6

sources: CNNVD: CNNVD-200505-172

DESCRIPTION

PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message. PHP-Nuke is prone to a information disclosure vulnerability

Trust: 1.26

sources: NVD: CVE-2005-1028 // BID: 90112 // VULHUB: VHN-12237

AFFECTED PRODUCTS

vendor:	phpnuke	model:	php-nuke	scope:	gte	version:	6.0	Trust: 1.0
vendor:	phpnuke	model:	php-nuke	scope:	lte	version:	7.6	Trust: 1.0
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.7	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.9	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.4	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.6	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc2	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc3	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_rc1	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_beta1	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	7.6	Trust: 0.6
vendor:	francisco burzi	model:	php-nuke	scope:	eq	version:	6.5_final	Trust: 0.6
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.6	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.4	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.3	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.2	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.1	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke final	scope:	eq	version:	7.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	7.0	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.9	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.7	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.6	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc3	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc2	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke rc1	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke final	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke beta1	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.5	Trust: 0.3
vendor:	francisco	model:	burzi php-nuke	scope:	eq	version:	6.0	Trust: 0.3

sources: BID: 90112 // CNNVD: CNNVD-200505-172 // NVD: CVE-2005-1028

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2005-1028
value:	MEDIUM
Trust: 1.0
CNNVD:	CNNVD-200505-172
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-12237
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2005-1028
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-12237
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-12237 // CNNVD: CNNVD-200505-172 // NVD: CVE-2005-1028

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.1

sources: VULHUB: VHN-12237 // NVD: CVE-2005-1028

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200505-172

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-200505-172

EXTERNAL IDS

db:	NVD	id:	CVE-2005-1028	Trust: 2.0
db:	CNNVD	id:	CNNVD-200505-172	Trust: 0.7
db:	BID	id:	90112	Trust: 0.4
db:	VULHUB	id:	VHN-12237	Trust: 0.1

sources: VULHUB: VHN-12237 // BID: 90112 // CNNVD: CNNVD-200505-172 // NVD: CVE-2005-1028

REFERENCES

url:	http://marc.info/?l=bugtraq&m=111272010303144&w=2	Trust: 1.6
url:	http://marc.theaimsgroup.com/?l=bugtraq&m=111272010303144&w=2	Trust: 0.3
url:	http://marc.info/?l=bugtraq&m=111272010303144&w=2	Trust: 0.1

sources: VULHUB: VHN-12237 // BID: 90112 // CNNVD: CNNVD-200505-172 // NVD: CVE-2005-1028

CREDITS

Unknown

Trust: 0.3

sources: BID: 90112

SOURCES

db:	VULHUB	id:	VHN-12237
db:	BID	id:	90112
db:	CNNVD	id:	CNNVD-200505-172
db:	NVD	id:	CVE-2005-1028

LAST UPDATE DATE

2024-08-14T13:51:05.590000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-12237	date:	2019-07-16T00:00:00
db:	BID	id:	90112	date:	2005-05-02T00:00:00
db:	CNNVD	id:	CNNVD-200505-172	date:	2019-07-17T00:00:00
db:	NVD	id:	CVE-2005-1028	date:	2019-07-16T12:20:01.417

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-12237	date:	2005-05-02T00:00:00
db:	BID	id:	90112	date:	2005-05-02T00:00:00
db:	CNNVD	id:	CNNVD-200505-172	date:	2005-05-02T00:00:00
db:	NVD	id:	CVE-2005-1028	date:	2005-05-02T04:00:00