5

CVE-2005-3645

phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PhpadsnewPhpadsnew Version2.0.4_pr1
PhpadsnewPhpadsnew Version2.0.5
PhpadsnewPhpadsnew Version2.0.6
PhpadsnewPhpadsnew Version2.0_beta5
PhpadsnewPhpadsnew Version2.0_beta6
PhpadsnewPhpadsnew Version2_dev_2001-09-30
PhpadsnewPhpadsnew Version2_dev_2001-10-09
PhppgadsPhppgads Version2.0.6
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.26% 0.807
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://marc.info/?l=bugtraq&m=113165036315035&w=2
http://seclists.org/lists/bugtraq/2005/Nov/0189.html
http://secunia.com/advisories/17464/
Patch
Vendor Advisory
http://securityreason.com/securityalert/171
http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942
http://www.fitsec.com/advisories/FS-05-01.txt
Vendor Advisory
http://www.osvdb.org/20735
http://www.osvdb.org/20736
http://www.osvdb.org/20737
http://www.osvdb.org/20738
http://www.osvdb.org/20739
http://www.osvdb.org/20740
http://www.osvdb.org/20741
http://www.osvdb.org/20742
http://www.osvdb.org/20743
http://www.vupen.com/english/advisories/2005/2380
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/23043