5

CVE-2005-1697

The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive information via a direct request to simple_smarty.php, which reveals the path in an error message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PostnukePostnuke Version0.750
PostnukePostnuke Version0.760 Updaterc2
PostnukePostnuke Version0.760 Updaterc3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.13% 0.621
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-425 Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

http://marc.info/?l=bugtraq&m=111670482500552&w=2
Third Party Advisory