RunCMS 1.1 Database Configuration Information Disclosure Vulnerability
2005-03-18T00:00:00
ID: EDB-ID:25237
Type: exploitdb
Reporter: Majid NT
Modified: 2005-03-18T00:00:00
Description
RunCMS 1.1 Database Configuration Information Disclosure Vulnerability. CVE-2005-0828. Webapps exploit for php platform
source: http://www.securityfocus.com/bid/12848/info
RunCMS is reportedly affected by an information disclosure vulnerability. This issue is due to a failure in the application to secure sensitive information.
Exploitation of this vulnerability could lead to the disclosure of database configuration details, including the database name, user name and password.
RunCMS was formerly named E-Xoops.
http://www.example.com/[runcms]/class/debug/highlight.php?file=[runcmsinstallationpath]\mainfile.php&line=151#151
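Detection logic for the request pattern above, as an added example that is not part of the original advisory or of RunCMS: it scans web-server access logs for requests that pass a `file` parameter to `class/debug/highlight.php` and notes whether the target was `mainfile.php` and whether the server answered with a 2xx status. The log lines are constructed, and the Common Log Format layout, the function name `find_highlight_reads` and the result field names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample lines (not real traffic). Assumption: Common Log Format.
SAMPLE_LOG = """\
203.0.113.7 - - [18/Mar/2005:10:01:02 +0000] "GET /runcms/class/debug/highlight.php?file=C:%5Cwww%5Cruncms%5Cmainfile.php&line=151 HTTP/1.1" 200 5120
203.0.113.7 - - [18/Mar/2005:10:01:09 +0000] "GET /runcms/index.php HTTP/1.1" 200 8841
198.51.100.4 - - [18/Mar/2005:10:02:30 +0000] "GET /cms/CLASS/debug/Highlight.php?line=3&file=/var/www/cms/mainfile.php HTTP/1.0" 403 210
198.51.100.9 - - [18/Mar/2005:10:03:00 +0000] "GET /runcms/class/debug/highlight.php HTTP/1.1" 200 312
"""

# client, method, request target, status
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)[^"]*" (\d{3}) ')
SCRIPT_SUFFIX = "/class/debug/highlight.php"

def find_highlight_reads(log_text):
    """Return one finding per request that passes a file path to highlight.php."""
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, _method, target, status = m.groups()
        parts = urlsplit(target)
        # Decode and lower-case the path: case-insensitive filesystems serve both spellings.
        path = unquote(parts.path).replace("\\", "/").lower()
        if not path.endswith(SCRIPT_SUFFIX):
            continue
        # parse_qs percent-decodes values, so %5C arrives as a backslash.
        for value in parse_qs(parts.query).get("file", []):
            name = value.replace("\\", "/").rsplit("/", 1)[-1].lower()
            findings.append({
                "client": client,
                "file": value,
                "config_target": name == "mainfile.php",
                "served": status.startswith("2"),
            })
    return findings
```

A finding with both `config_target` and `served` set is the case to treat as a likely credential exposure; the database password in `mainfile.php` should then be rotated.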
Exploit-DB: https://www.exploit-db.com/exploits/25237/
OSVDB: 14890
CVSS: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVE-2005-0828 (NVD, published 2005-05-02, modified 2017-07-11)
highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php.
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0828