Lucene search

[email protected]CVE-2004-0130

HistoryMar 03, 2004 - 5:00 a.m.

CVE-2004-0130

2004-03-0305:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

phpgedview

security

sensitive information

leakage

cve-2004-0130

7.2 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.8%

JSON

login.php in phpGedView 2.65 and earlier allows remote attackers to obtain sensitive information via an HTTP request to login.php that does not contain the required username or password parameters, which causes the information to be leaked in an error message.

CPENameOperatorVersion
phpgedview:phpgedviewphpgedviewle2.65

CPE	Name	Operator	Version
phpgedview:phpgedview	phpgedview	le	2.65

References

securitytracker.com/alerts/2004/Jan/1008844.html

www.netvigilance.com/advisory0001

www.osvdb.org/6886

www.securiteam.com/unixfocus/5NP0M1PBPQ.html

exchange.xforce.ibmcloud.com/vulnerabilities/15128

7.2 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.006 Low

EPSS

Percentile

78.8%

JSON

Related for CVE-2004-0130

cvelist1