CVE-2004-1385

Sažetak

phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.

Reference

http://marc.info/?l=bugtraq&m=110312656029072&w=2
http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml
http://www.gulftech.org/?node=research&article_id=00054-12142004
https://exchange.xforce.ibmcloud.com/vulnerabilities/18497

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

11-07-2017 - 01:30

Objavljeno

31-12-2004 - 05:00