CVE-2005-4017

Sažetak

property.php in Widget Property 1.1.19 allows remote attackers to obtain the full server path via an invalid lang value, which leaks the path in the resulting error message.

Reference

http://pridels0.blogspot.com/2005/12/widget-property-vuln.html
http://secunia.com/advisories/17829
http://www.osvdb.org/21427

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

20-09-2008 - 04:41

Objavljeno

05-12-2005 - 11:03