Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2005-4358
Last Modified 07 Mar 2011 09:28:02
Published 19 Dec 2005 08:03:00
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2005-4358

Summary

admin/admin_disallow.php in phpBB 2.0.18 allows remote attackers to obtain the installation path via a direct request with a non-empty setmodules parameter, which causes an invalid append_sid function call that leaks the path in an error message.

Vulnerable Systems

Application

  • phpBB Group phpBB 2.0.18


References

VUPEN - ADV-2006-0010

VUPEN - ADV-2005-2991

BUGTRAQ - 20051230 phpbb2.0.19 fixes security issues

CONFIRM - http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=352966

OSVDB - 21804

SREASON - 269

MISC - http://securityreason.com/securityalert/269

SREASONRES - 20051217 phpBB 2.0.18 XSS and Full Path Disclosure

SECUNIA - 18252

SECUNIA - 18125


Last Updated: 27 May 2016 10:41:16