5

CVE-2005-3645

EPSS 2.01%
Veröffentlicht 17.11.2005 11:02:00
Zuletzt bearbeitet 03.04.2025 01:03:51
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 20

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Phpadsnew ≫ Phpadsnew Version2.0.4_pr1

Phpadsnew ≫ Phpadsnew Version2.0.5

Phpadsnew ≫ Phpadsnew Version2.0.6

Phpadsnew ≫ Phpadsnew Version2.0_beta5

Phpadsnew ≫ Phpadsnew Version2.0_beta6

Phpadsnew ≫ Phpadsnew Version2_dev_2001-09-30

Phpadsnew ≫ Phpadsnew Version2_dev_2001-10-09

Phppgads ≫ Phppgads Version2.0.6

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.01%	0.821

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

http://marc.info/?l=bugtraq&m=113165036315035&w=2

http://seclists.org/lists/bugtraq/2005/Nov/0189.html

http://secunia.com/advisories/17464/

Patch

Vendor Advisory

http://securityreason.com/securityalert/171

http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942

http://www.fitsec.com/advisories/FS-05-01.txt

Vendor Advisory

http://www.osvdb.org/20735

http://www.osvdb.org/20736

http://www.osvdb.org/20737

http://www.osvdb.org/20738

http://www.osvdb.org/20739

http://www.osvdb.org/20740

http://www.osvdb.org/20741

http://www.osvdb.org/20742

http://www.osvdb.org/20743

http://www.vupen.com/english/advisories/2005/2380

Vendor Advisory

https://exchange.xforce.ibmcloud.com/vulnerabilities/23043

https://nvd.nist.gov/vuln/detail/CVE-2005-3645

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2005-3645

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2005-3645

EUVD