Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1437


Vulnerability Score 7.5 7.5
CVE Id CVE-2001-1437
Last Modified 05 Sep 2008 04:26:33
Published 01 Dec 2001 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



easyScripts easyNews 1.5 allows remote attackers to obtain the full path of the web root via a view request with a non-integer news message id field, which leaks the path in a PHP error message when the script times out.

Vulnerable Systems


  • Easyscripts Easynews 1.5


CERT-VN - VU#597795

XF - easynews-php-reveal-path(7660)

BID - 3649

BUGTRAQ - 20011201 easynews 1.5 let's remote users modify database

Last Updated: 27 May 2016 10:36:40