Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0729

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0729
Last Modified 05 Sep 2008 04:39:14
Published 27 Jul 2004 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-0729

Summary

PhpBB 2.0.8 allows remote attackers to gain sensitive information via an invalid (1) category_rows parameter to index.php, (2) faq parameter to faq.php, or (3) ranksrow parameter to profile.php, which reveal the full path in an error message.

Vulnerable Systems

Application

  • Phpbb Group Phpbb 2.0.8

  • Phpbb Group Phpbb 2.0.8a


References

BUGTRAQ - 20040716 [waraxe-2004-SA#034 - XSS and path full path disclosure in PhpBB 2.0.8]

XF - phpbb-usercpviewprofile-path-disclosure(16723)

XF - phpbb-lang-faq-path-disclosure(16720)

XF - phpbb-indexphp-path-disclosure(16716)

MISC - http://www.waraxe.us/index.php?modname=sa&id=34


Last Updated: 27 May 2016 10:38:44