Search...

PHP-Nuke Web_Links show Variable Path Disclosure

2005-04-06T18:46:48

ID OSVDB:15409
Type osvdb
Reporter Maksymilian Arciemowicz(cxib@securityreason.com)
Modified 2005-04-06T18:46:48

Description

Manual Testing Notes

http://[victim]/[DIR]/modules.php?name=Web_Links&l_op=search&query=Hihihi&show=cXIb8O3

References:

Vendor URL: http://phpnuke.org/ Other Advisory URL: http://securityreason.com/adv/[phpnuke%207.6%20Multiple%20vulnerabilities%20in%20Web_Links%20Module%20cXIb8O3.14].asc Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0105.html Keyword: cXIb8O3.14 CVE-2005-0998

JSON Vulners Source

Initial Source

{"enchantments": {"score": {"value": 5.7, "vector": "NONE", "modified": "2017-04-28T13:20:11"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2005-0998"]}], "modified": "2017-04-28T13:20:11"}, "vulnersScore": 5.7}, "bulletinFamily": "software", "affectedSoftware": [], "references": [], "href": "https://vulners.com/osvdb/OSVDB:15409", "id": "OSVDB:15409", "title": "PHP-Nuke Web_Links show Variable Path Disclosure", "history": [], "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "lastseen": "2017-04-28T13:20:11", "edition": 1, "hash": "49661800f613953d766aae8960a28bfe3936afc3e1a9338b4df2e49a64d66098", "objectVersion": "1.2", "reporter": "Maksymilian Arciemowicz(cxib@securityreason.com)", "description": "## Manual Testing Notes\nhttp://[victim]/[DIR]/modules.php?name=Web_Links&l_op=search&query=Hihihi&show=cXIb8O3\n## References:\nVendor URL: http://phpnuke.org/\nOther Advisory URL: http://securityreason.com/adv/[phpnuke%207.6%20Multiple%20vulnerabilities%20in%20Web_Links%20Module%20cXIb8O3.14].asc\nMail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0105.html\nKeyword: cXIb8O3.14\n[CVE-2005-0998](https://vulners.com/cve/CVE-2005-0998)\n", "modified": "2005-04-06T18:46:48", "viewCount": 0, "published": "2005-04-06T18:46:48", "cvelist": ["CVE-2005-0998"], "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "c5359a18be70d39b83d59ef2cb35ad39"}, {"key": "cvss", "hash": "a792e2393dff1e200b885c5245988f6f"}, {"key": "description", "hash": "a7a68574280ce4513ba69458f1ebc8e7"}, {"key": "href", "hash": "4c5367321a2c246d8d29b38f002fda2d"}, {"key": "modified", "hash": "57331c8af6006a62d978b4ce0b80dd01"}, {"key": "objectVersion", "hash": "56765472680401499c79732468ba4340"}, {"key": "published", "hash": "57331c8af6006a62d978b4ce0b80dd01"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "1c222a0cd8879a62f3ae035cfb8984f0"}, {"key": "title", "hash": "46ff78ecadaeefda34d1c50772bb3b48"}, {"key": "type", "hash": "1327ac71f7914948578f08c54f772b10"}]}

{"cve": [{"lastseen": "2019-05-29T18:08:13", "bulletinFamily": "NVD", "description": "The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server.", "modified": "2016-10-18T03:16:00", "id": "CVE-2005-0998", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0998", "published": "2005-05-02T04:00:00", "title": "CVE-2005-0998", "type": "cve", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}]}