Lucene search
HistoryJul 25, 2010 - 2:04 a.m.
CVE-2010-2859
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
71.4%
news.php in SimpNews 2.47.3 and earlier allows remote attackers to obtain sensitive information via an invalid lang parameter, which reveals the installation path in an error message.
Affected configurations
Node
boesch-itsimpnewsRange≤2.47.03
ORboesch-itsimpnewsMatch2.0.1
ORboesch-itsimpnewsMatch2.13
ORboesch-itsimpnewsMatch2.30
ORboesch-itsimpnewsMatch2.30.2
ORboesch-itsimpnewsMatch2.30.6
ORboesch-itsimpnewsMatch2.31.0
ORboesch-itsimpnewsMatch2.32.0
ORboesch-itsimpnewsMatch2.32.1
ORboesch-itsimpnewsMatch2.33.0
ORboesch-itsimpnewsMatch2.33.01
ORboesch-itsimpnewsMatch2.34
ORboesch-itsimpnewsMatch2.34.0
ORboesch-itsimpnewsMatch2.34.01
ORboesch-itsimpnewsMatch2.35.00
ORboesch-itsimpnewsMatch2.36.00
ORboesch-itsimpnewsMatch2.37.00
ORboesch-itsimpnewsMatch2.37.01
ORboesch-itsimpnewsMatch2.37.02
ORboesch-itsimpnewsMatch2.38
ORboesch-itsimpnewsMatch2.38.02
ORboesch-itsimpnewsMatch2.38.03
ORboesch-itsimpnewsMatch2.38.04
ORboesch-itsimpnewsMatch2.39.0
ORboesch-itsimpnewsMatch2.40.01
ORboesch-itsimpnewsMatch2.41.0
ORboesch-itsimpnewsMatch2.41.02
ORboesch-itsimpnewsMatch2.41.03
ORboesch-itsimpnewsMatch2.42.0
ORboesch-itsimpnewsMatch2.42.01
ORboesch-itsimpnewsMatch2.44.00
ORboesch-itsimpnewsMatch2.47.00
Related
cve
cve
CVE-2010-2859
2010-07-25 02:04:14
prion
prion
Design/Logic Flaw
2010-07-25 02:04:00
cvelist
cvelist
CVE-2010-2859
2010-07-23 20:00:00
openvas
openvas
SimpNews Multiple Vulnerabilities
2010-08-02 00:00:00
SimpNews Multiple Vulnerabilities
2010-08-02 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
6.2 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
71.4%
Related for NVD:CVE-2010-2859