Lucene search

[email protected]CVE-2004-0066

HistoryFeb 17, 2004 - 5:00 a.m.

CVE-2004-0066

2004-02-1705:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0066

phpgedview

web server path disclosure

nvd

7.5 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

77.1%

JSON

phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6) clippings.php, (7) login.php, and (8) gdbi.php.

CPENameOperatorVersion
phpgedview:phpgedviewphpgedviewle2.65

CPE	Name	Operator	Version
phpgedview:phpgedview	phpgedview	le	2.65

References

marc.info/?l=bugtraq&m=107394912715478&w=2

www.osvdb.org/3464

exchange.xforce.ibmcloud.com/vulnerabilities/14215

7.5 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.005 Low

EPSS

Percentile

77.1%

JSON