VAR-200208-0193
Vulnerability from variot - Updated: 2023-12-18 13:35index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname. PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. A vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a maliciously constructed HTTP request will cause the index.php script to return an error message which includes the full path of the script. It has been suggested that this is the result of an insecure server configuration. It can run under Unix and Linux operating systems, and can also run under Microsoft Windows operating systems. PHP-Nuke may leak absolute paths due to problems in handling some wrong WEB requests. Attackers can use this information to carry out further attacks on the target system
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-200208-0193",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "5.0"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "5.2"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "5.1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "5.0.1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "5.3.1"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "5.2a"
},
{
"model": "php-nuke",
"scope": "eq",
"trust": 1.6,
"vendor": "francisco burzi",
"version": "5.4"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.4"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.3.1"
},
{
"model": "burzi php-nuke a",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.2"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.2"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.1"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.0.1"
},
{
"model": "burzi php-nuke",
"scope": "eq",
"trust": 0.3,
"vendor": "francisco",
"version": "5.0"
}
],
"sources": [
{
"db": "BID",
"id": "4333"
},
{
"db": "NVD",
"id": "CVE-2002-0483"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-235"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.0.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.3.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.2a:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:francisco_burzi:php-nuke:5.4:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0483"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "godminus\u203b godminus@owns.com",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-235"
}
],
"trust": 0.6
},
"cve": "CVE-2002-0483",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-4876",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "NVD",
"id": "CVE-2002-0483",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "CNNVD",
"id": "CNNVD-200208-235",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-4876",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4876"
},
{
"db": "NVD",
"id": "CVE-2002-0483"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-235"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname. PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site. \nA vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a maliciously constructed HTTP request will cause the index.php script to return an error message which includes the full path of the script. \nIt has been suggested that this is the result of an insecure server configuration. It can run under Unix and Linux operating systems, and can also run under Microsoft Windows operating systems. PHP-Nuke may leak absolute paths due to problems in handling some wrong WEB requests. Attackers can use this information to carry out further attacks on the target system",
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0483"
},
{
"db": "BID",
"id": "4333"
},
{
"db": "VULHUB",
"id": "VHN-4876"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-4876",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4876"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "BID",
"id": "4333",
"trust": 2.0
},
{
"db": "NVD",
"id": "CVE-2002-0483",
"trust": 2.0
},
{
"db": "CNNVD",
"id": "CNNVD-200208-235",
"trust": 0.7
},
{
"db": "XF",
"id": "8618",
"trust": 0.6
},
{
"db": "BUGTRAQ",
"id": "20020320 FW: PHPNUKE 5.4 PATH DISCLOSURE VULNERABILITY?",
"trust": 0.6
},
{
"db": "EXPLOIT-DB",
"id": "21349",
"trust": 0.1
},
{
"db": "SEEBUG",
"id": "SSVID-75176",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-4876",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4876"
},
{
"db": "BID",
"id": "4333"
},
{
"db": "NVD",
"id": "CVE-2002-0483"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-235"
}
]
},
"id": "VAR-200208-0193",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-4876"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:35:53.240000Z",
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-Other",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2002-0483"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "http://www.securityfocus.com/bid/4333"
},
{
"trust": 1.7,
"url": "http://online.securityfocus.com/archive/1/263337"
},
{
"trust": 1.7,
"url": "http://www.iss.net/security_center/static/8618.php"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-4876"
},
{
"db": "NVD",
"id": "CVE-2002-0483"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-235"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-4876"
},
{
"db": "BID",
"id": "4333"
},
{
"db": "NVD",
"id": "CVE-2002-0483"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-235"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2002-08-12T00:00:00",
"db": "VULHUB",
"id": "VHN-4876"
},
{
"date": "2002-03-21T00:00:00",
"db": "BID",
"id": "4333"
},
{
"date": "2002-08-12T04:00:00",
"db": "NVD",
"id": "CVE-2002-0483"
},
{
"date": "2002-03-21T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-235"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2008-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-4876"
},
{
"date": "2009-07-11T11:56:00",
"db": "BID",
"id": "4333"
},
{
"date": "2008-09-05T20:28:08.650000",
"db": "NVD",
"id": "CVE-2002-0483"
},
{
"date": "2005-10-20T00:00:00",
"db": "CNNVD",
"id": "CNNVD-200208-235"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-235"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "PHP-Nuke Error message WEBROOT Path information disclosure vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-200208-235"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Configuration Error",
"sources": [
{
"db": "BID",
"id": "4333"
},
{
"db": "CNNVD",
"id": "CNNVD-200208-235"
}
],
"trust": 0.9
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…