var-200208-0193
Vulnerability from variot

index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname. PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. A vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a maliciously constructed HTTP request will cause the index.php script to return an error message which includes the full path of the script. It has been suggested that this is the result of an insecure server configuration. It can run under Unix and Linux operating systems, and can also run under Microsoft Windows operating systems. PHP-Nuke may leak absolute paths due to problems in handling some wrong WEB requests. Attackers can use this information to carry out further attacks on the target system

Show details on source website


{
   "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
      affected_products: {
         "@id": "https://www.variotdbs.pl/ref/affected_products",
      },
      configurations: {
         "@id": "https://www.variotdbs.pl/ref/configurations",
      },
      credits: {
         "@id": "https://www.variotdbs.pl/ref/credits",
      },
      cvss: {
         "@id": "https://www.variotdbs.pl/ref/cvss/",
      },
      description: {
         "@id": "https://www.variotdbs.pl/ref/description/",
      },
      exploit_availability: {
         "@id": "https://www.variotdbs.pl/ref/exploit_availability/",
      },
      external_ids: {
         "@id": "https://www.variotdbs.pl/ref/external_ids/",
      },
      iot: {
         "@id": "https://www.variotdbs.pl/ref/iot/",
      },
      iot_taxonomy: {
         "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/",
      },
      patch: {
         "@id": "https://www.variotdbs.pl/ref/patch/",
      },
      problemtype_data: {
         "@id": "https://www.variotdbs.pl/ref/problemtype_data/",
      },
      references: {
         "@id": "https://www.variotdbs.pl/ref/references/",
      },
      sources: {
         "@id": "https://www.variotdbs.pl/ref/sources/",
      },
      sources_release_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_release_date/",
      },
      sources_update_date: {
         "@id": "https://www.variotdbs.pl/ref/sources_update_date/",
      },
      threat_type: {
         "@id": "https://www.variotdbs.pl/ref/threat_type/",
      },
      title: {
         "@id": "https://www.variotdbs.pl/ref/title/",
      },
      type: {
         "@id": "https://www.variotdbs.pl/ref/type/",
      },
   },
   "@id": "https://www.variotdbs.pl/vuln/VAR-200208-0193",
   affected_products: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            model: "php-nuke",
            scope: "eq",
            trust: 1.6,
            vendor: "francisco burzi",
            version: "5.0",
         },
         {
            model: "php-nuke",
            scope: "eq",
            trust: 1.6,
            vendor: "francisco burzi",
            version: "5.2",
         },
         {
            model: "php-nuke",
            scope: "eq",
            trust: 1.6,
            vendor: "francisco burzi",
            version: "5.1",
         },
         {
            model: "php-nuke",
            scope: "eq",
            trust: 1.6,
            vendor: "francisco burzi",
            version: "5.0.1",
         },
         {
            model: "php-nuke",
            scope: "eq",
            trust: 1.6,
            vendor: "francisco burzi",
            version: "5.3.1",
         },
         {
            model: "php-nuke",
            scope: "eq",
            trust: 1.6,
            vendor: "francisco burzi",
            version: "5.2a",
         },
         {
            model: "php-nuke",
            scope: "eq",
            trust: 1.6,
            vendor: "francisco burzi",
            version: "5.4",
         },
         {
            model: "burzi php-nuke",
            scope: "eq",
            trust: 0.3,
            vendor: "francisco",
            version: "5.4",
         },
         {
            model: "burzi php-nuke",
            scope: "eq",
            trust: 0.3,
            vendor: "francisco",
            version: "5.3.1",
         },
         {
            model: "burzi php-nuke a",
            scope: "eq",
            trust: 0.3,
            vendor: "francisco",
            version: "5.2",
         },
         {
            model: "burzi php-nuke",
            scope: "eq",
            trust: 0.3,
            vendor: "francisco",
            version: "5.2",
         },
         {
            model: "burzi php-nuke",
            scope: "eq",
            trust: 0.3,
            vendor: "francisco",
            version: "5.1",
         },
         {
            model: "burzi php-nuke",
            scope: "eq",
            trust: 0.3,
            vendor: "francisco",
            version: "5.0.1",
         },
         {
            model: "burzi php-nuke",
            scope: "eq",
            trust: 0.3,
            vendor: "francisco",
            version: "5.0",
         },
      ],
      sources: [
         {
            db: "BID",
            id: "4333",
         },
         {
            db: "NVD",
            id: "CVE-2002-0483",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200208-235",
         },
      ],
   },
   configurations: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/configurations#",
         children: {
            "@container": "@list",
         },
         cpe_match: {
            "@container": "@list",
         },
         data: {
            "@container": "@list",
         },
         nodes: {
            "@container": "@list",
         },
      },
      data: [
         {
            CVE_data_version: "4.0",
            nodes: [
               {
                  children: [],
                  cpe_match: [
                     {
                        cpe23Uri: "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:francisco_burzi:php-nuke:5.0.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:francisco_burzi:php-nuke:5.2:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:francisco_burzi:php-nuke:5.2a:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                     {
                        cpe23Uri: "cpe:2.3:a:francisco_burzi:php-nuke:5.4:*:*:*:*:*:*:*",
                        cpe_name: [],
                        vulnerable: true,
                     },
                  ],
                  operator: "OR",
               },
            ],
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2002-0483",
         },
      ],
   },
   credits: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/credits#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "godminus※ godminus@owns.com",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200208-235",
         },
      ],
      trust: 0.6,
   },
   cve: "CVE-2002-0483",
   cvss: {
      "@context": {
         cvssV2: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2",
         },
         cvssV3: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/",
         },
         severity: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/cvss/severity#",
            },
            "@id": "https://www.variotdbs.pl/ref/cvss/severity",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
            "@id": "https://www.variotdbs.pl/ref/sources",
         },
      },
      data: [
         {
            cvssV2: [
               {
                  acInsufInfo: false,
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "NVD",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  obtainAllPrivilege: false,
                  obtainOtherPrivilege: false,
                  obtainUserPrivilege: false,
                  severity: "MEDIUM",
                  trust: 1,
                  userInteractionRequired: false,
                  vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N",
                  version: "2.0",
               },
               {
                  accessComplexity: "LOW",
                  accessVector: "NETWORK",
                  authentication: "NONE",
                  author: "VULHUB",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  confidentialityImpact: "PARTIAL",
                  exploitabilityScore: 10,
                  id: "VHN-4876",
                  impactScore: 2.9,
                  integrityImpact: "NONE",
                  severity: "MEDIUM",
                  trust: 0.1,
                  vectorString: "AV:N/AC:L/AU:N/C:P/I:N/A:N",
                  version: "2.0",
               },
            ],
            cvssV3: [],
            severity: [
               {
                  author: "NVD",
                  id: "CVE-2002-0483",
                  trust: 1,
                  value: "MEDIUM",
               },
               {
                  author: "CNNVD",
                  id: "CNNVD-200208-235",
                  trust: 0.6,
                  value: "MEDIUM",
               },
               {
                  author: "VULHUB",
                  id: "VHN-4876",
                  trust: 0.1,
                  value: "MEDIUM",
               },
            ],
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-4876",
         },
         {
            db: "NVD",
            id: "CVE-2002-0483",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200208-235",
         },
      ],
   },
   description: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/description#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname. PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. \nA vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a maliciously constructed HTTP request will cause the index.php script to return an error message which includes the full path of the script. \nIt has been suggested that this is the result of an insecure server configuration. It can run under Unix and Linux operating systems, and can also run under Microsoft Windows operating systems. PHP-Nuke may leak absolute paths due to problems in handling some wrong WEB requests. Attackers can use this information to carry out further attacks on the target system",
      sources: [
         {
            db: "NVD",
            id: "CVE-2002-0483",
         },
         {
            db: "BID",
            id: "4333",
         },
         {
            db: "VULHUB",
            id: "VHN-4876",
         },
      ],
      trust: 1.26,
   },
   exploit_availability: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            reference: "https://www.scap.org.cn/vuln/vhn-4876",
            trust: 0.1,
            type: "unknown",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-4876",
         },
      ],
   },
   external_ids: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            db: "BID",
            id: "4333",
            trust: 2,
         },
         {
            db: "NVD",
            id: "CVE-2002-0483",
            trust: 2,
         },
         {
            db: "CNNVD",
            id: "CNNVD-200208-235",
            trust: 0.7,
         },
         {
            db: "XF",
            id: "8618",
            trust: 0.6,
         },
         {
            db: "BUGTRAQ",
            id: "20020320 FW: PHPNUKE 5.4 PATH DISCLOSURE VULNERABILITY?",
            trust: 0.6,
         },
         {
            db: "EXPLOIT-DB",
            id: "21349",
            trust: 0.1,
         },
         {
            db: "SEEBUG",
            id: "SSVID-75176",
            trust: 0.1,
         },
         {
            db: "VULHUB",
            id: "VHN-4876",
            trust: 0.1,
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-4876",
         },
         {
            db: "BID",
            id: "4333",
         },
         {
            db: "NVD",
            id: "CVE-2002-0483",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200208-235",
         },
      ],
   },
   id: "VAR-200208-0193",
   iot: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/iot#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: true,
      sources: [
         {
            db: "VULHUB",
            id: "VHN-4876",
         },
      ],
      trust: 0.01,
   },
   last_update_date: "2023-12-18T13:35:53.240000Z",
   problemtype_data: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            problemtype: "NVD-CWE-Other",
            trust: 1,
         },
      ],
      sources: [
         {
            db: "NVD",
            id: "CVE-2002-0483",
         },
      ],
   },
   references: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/references#",
         data: {
            "@container": "@list",
         },
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: [
         {
            trust: 1.7,
            url: "http://www.securityfocus.com/bid/4333",
         },
         {
            trust: 1.7,
            url: "http://online.securityfocus.com/archive/1/263337",
         },
         {
            trust: 1.7,
            url: "http://www.iss.net/security_center/static/8618.php",
         },
      ],
      sources: [
         {
            db: "VULHUB",
            id: "VHN-4876",
         },
         {
            db: "NVD",
            id: "CVE-2002-0483",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200208-235",
         },
      ],
   },
   sources: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            db: "VULHUB",
            id: "VHN-4876",
         },
         {
            db: "BID",
            id: "4333",
         },
         {
            db: "NVD",
            id: "CVE-2002-0483",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200208-235",
         },
      ],
   },
   sources_release_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2002-08-12T00:00:00",
            db: "VULHUB",
            id: "VHN-4876",
         },
         {
            date: "2002-03-21T00:00:00",
            db: "BID",
            id: "4333",
         },
         {
            date: "2002-08-12T04:00:00",
            db: "NVD",
            id: "CVE-2002-0483",
         },
         {
            date: "2002-03-21T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200208-235",
         },
      ],
   },
   sources_update_date: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
         data: {
            "@container": "@list",
         },
      },
      data: [
         {
            date: "2008-09-05T00:00:00",
            db: "VULHUB",
            id: "VHN-4876",
         },
         {
            date: "2009-07-11T11:56:00",
            db: "BID",
            id: "4333",
         },
         {
            date: "2008-09-05T20:28:08.650000",
            db: "NVD",
            id: "CVE-2002-0483",
         },
         {
            date: "2005-10-20T00:00:00",
            db: "CNNVD",
            id: "CNNVD-200208-235",
         },
      ],
   },
   threat_type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "remote",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200208-235",
         },
      ],
      trust: 0.6,
   },
   title: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/title#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "PHP-Nuke Error message WEBROOT Path information disclosure vulnerability",
      sources: [
         {
            db: "CNNVD",
            id: "CNNVD-200208-235",
         },
      ],
      trust: 0.6,
   },
   type: {
      "@context": {
         "@vocab": "https://www.variotdbs.pl/ref/type#",
         sources: {
            "@container": "@list",
            "@context": {
               "@vocab": "https://www.variotdbs.pl/ref/sources#",
            },
         },
      },
      data: "Configuration Error",
      sources: [
         {
            db: "BID",
            id: "4333",
         },
         {
            db: "CNNVD",
            id: "CNNVD-200208-235",
         },
      ],
      trust: 0.9,
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.