var-200208-0193
Vulnerability from variot
index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname. PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. A vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a maliciously constructed HTTP request will cause the index.php script to return an error message which includes the full path of the script. It has been suggested that this is the result of an insecure server configuration. It can run under Unix and Linux operating systems, and can also run under Microsoft Windows operating systems. PHP-Nuke may leak absolute paths due to problems in handling some wrong WEB requests. Attackers can use this information to carry out further attacks on the target system
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-200208-0193", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "php-nuke", scope: "eq", trust: 1.6, vendor: "francisco burzi", version: "5.0", }, { model: "php-nuke", scope: "eq", trust: 1.6, vendor: "francisco burzi", version: "5.2", }, { model: "php-nuke", scope: "eq", trust: 1.6, vendor: "francisco burzi", version: "5.1", }, { model: "php-nuke", scope: "eq", trust: 1.6, vendor: "francisco burzi", version: "5.0.1", }, { model: "php-nuke", scope: "eq", trust: 1.6, vendor: "francisco burzi", version: "5.3.1", }, { model: "php-nuke", scope: "eq", trust: 1.6, vendor: "francisco burzi", version: "5.2a", }, { model: "php-nuke", scope: "eq", trust: 1.6, vendor: "francisco burzi", version: "5.4", }, { model: "burzi php-nuke", scope: "eq", trust: 0.3, vendor: "francisco", version: "5.4", }, { model: "burzi php-nuke", scope: "eq", trust: 0.3, vendor: "francisco", version: "5.3.1", }, { model: "burzi php-nuke a", scope: "eq", trust: 0.3, vendor: "francisco", version: "5.2", }, { model: "burzi php-nuke", scope: "eq", trust: 0.3, vendor: "francisco", version: "5.2", }, { model: "burzi php-nuke", scope: "eq", trust: 0.3, vendor: "francisco", version: "5.1", }, { model: "burzi php-nuke", scope: "eq", trust: 0.3, vendor: "francisco", version: "5.0.1", }, { model: "burzi php-nuke", scope: "eq", trust: 0.3, vendor: "francisco", version: "5.0", }, ], sources: [ { db: "BID", id: "4333", }, { db: "NVD", id: "CVE-2002-0483", }, { db: "CNNVD", id: "CNNVD-200208-235", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:francisco_burzi:php-nuke:5.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:francisco_burzi:php-nuke:5.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:francisco_burzi:php-nuke:5.2a:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:francisco_burzi:php-nuke:5.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2002-0483", }, ], }, credits: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "godminus※ godminus@owns.com", sources: [ { db: "CNNVD", id: "CNNVD-200208-235", }, ], trust: 0.6, }, cve: "CVE-2002-0483", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: false, vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", exploitabilityScore: 10, id: "VHN-4876", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:L/AU:N/C:P/I:N/A:N", version: "2.0", }, ], cvssV3: [], severity: [ { author: "NVD", id: "CVE-2002-0483", trust: 1, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-200208-235", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-4876", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-4876", }, { db: "NVD", id: "CVE-2002-0483", }, { db: "CNNVD", id: "CNNVD-200208-235", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname. PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. \nA vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a maliciously constructed HTTP request will cause the index.php script to return an error message which includes the full path of the script. \nIt has been suggested that this is the result of an insecure server configuration. It can run under Unix and Linux operating systems, and can also run under Microsoft Windows operating systems. PHP-Nuke may leak absolute paths due to problems in handling some wrong WEB requests. Attackers can use this information to carry out further attacks on the target system", sources: [ { db: "NVD", id: "CVE-2002-0483", }, { db: "BID", id: "4333", }, { db: "VULHUB", id: "VHN-4876", }, ], trust: 1.26, }, exploit_availability: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { reference: "https://www.scap.org.cn/vuln/vhn-4876", trust: 0.1, type: "unknown", }, ], sources: [ { db: "VULHUB", id: "VHN-4876", }, ], }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "BID", id: "4333", trust: 2, }, { db: "NVD", id: "CVE-2002-0483", trust: 2, }, { db: "CNNVD", id: "CNNVD-200208-235", trust: 0.7, }, { db: "XF", id: "8618", trust: 0.6, }, { db: "BUGTRAQ", id: "20020320 FW: PHPNUKE 5.4 PATH DISCLOSURE VULNERABILITY?", trust: 0.6, }, { db: "EXPLOIT-DB", id: "21349", trust: 0.1, }, { db: "SEEBUG", id: "SSVID-75176", trust: 0.1, }, { db: "VULHUB", id: "VHN-4876", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-4876", }, { db: "BID", id: "4333", }, { db: "NVD", id: "CVE-2002-0483", }, { db: "CNNVD", id: "CNNVD-200208-235", }, ], }, id: "VAR-200208-0193", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-4876", }, ], trust: 0.01, }, last_update_date: "2023-12-18T13:35:53.240000Z", problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, ], sources: [ { db: "NVD", id: "CVE-2002-0483", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 1.7, url: "http://www.securityfocus.com/bid/4333", }, { trust: 1.7, url: "http://online.securityfocus.com/archive/1/263337", }, { trust: 1.7, url: "http://www.iss.net/security_center/static/8618.php", }, ], sources: [ { db: "VULHUB", id: "VHN-4876", }, { db: "NVD", id: "CVE-2002-0483", }, { db: "CNNVD", id: "CNNVD-200208-235", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-4876", }, { db: "BID", id: "4333", }, { db: "NVD", id: "CVE-2002-0483", }, { db: "CNNVD", id: "CNNVD-200208-235", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2002-08-12T00:00:00", db: "VULHUB", id: "VHN-4876", }, { date: "2002-03-21T00:00:00", db: "BID", id: "4333", }, { date: "2002-08-12T04:00:00", db: "NVD", id: "CVE-2002-0483", }, { date: "2002-03-21T00:00:00", db: "CNNVD", id: "CNNVD-200208-235", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2008-09-05T00:00:00", db: "VULHUB", id: "VHN-4876", }, { date: "2009-07-11T11:56:00", db: "BID", id: "4333", }, { date: "2008-09-05T20:28:08.650000", db: "NVD", id: "CVE-2002-0483", }, { date: "2005-10-20T00:00:00", db: "CNNVD", id: "CNNVD-200208-235", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "remote", sources: [ { db: "CNNVD", id: "CNNVD-200208-235", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "PHP-Nuke Error message WEBROOT Path information disclosure vulnerability", sources: [ { db: "CNNVD", id: "CNNVD-200208-235", }, ], trust: 0.6, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Configuration Error", sources: [ { db: "BID", id: "4333", }, { db: "CNNVD", id: "CNNVD-200208-235", }, ], trust: 0.9, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.