5

CVE-2005-4358

admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Phpbb GroupPhpbb Version2.0.18
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.08% 0.791
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://marc.info/?l=full-disclosure&m=113484567432679&w=2
http://secunia.com/advisories/18125
Vendor Advisory
http://secunia.com/advisories/18252
Vendor Advisory
http://securityreason.com/achievement_securityalert/29
http://securityreason.com/securityalert/269
http://www.securityfocus.com/archive/1/420537/100/0/threaded
http://www.vupen.com/english/advisories/2005/2991
http://www.vupen.com/english/advisories/2006/0010
http://www.osvdb.org/21804
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=352966