Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1437

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1437
Last Modified 05 Sep 2008 04:26:33
Published 01 Dec 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2001-1437

Summary

easyScripts easyNews 1.5 allows remote attackers to obtain the full path of the web root via a view request with a non-integer news message id field, which leaks the path in a PHP error message when the script times out.

Vulnerable Systems

Application

  • Easyscripts Easynews 1.5


References

CERT-VN - VU#597795

XF - easynews-php-reveal-path(7660)

BID - 3649

BUGTRAQ - 20011201 easynews 1.5 let's remote users modify database


Last Updated: 27 May 2016 10:36:40