Lucene search

K
nvd[email protected]NVD:CVE-2005-1698
HistoryMay 24, 2005 - 4:00 a.m.

CVE-2005-1698

2005-05-2404:00:00
CWE-425
web.nvd.nist.gov
9

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.004

Percentile

73.3%

PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message.

Affected configurations

Nvd
Node
postnukepostnukeMatch0.750
OR
postnukepostnukeMatch0.760rc3
VendorProductVersionCPE
postnukepostnuke0.750cpe:2.3:a:postnuke:postnuke:0.750:*:*:*:*:*:*:*
postnukepostnuke0.760cpe:2.3:a:postnuke:postnuke:0.760:rc3:*:*:*:*:*:*

CVSS2

5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

AI Score

6.1

Confidence

Low

EPSS

0.004

Percentile

73.3%

Related for NVD:CVE-2005-1698