Vulnerability CVE-2004-2671
Published: 2004-12-31   Modified: 2012-02-12

Description:
mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive information via certain direct requests, and certain requests with invalid parameter values, which reveal the path in various error messages, as demonstrated by the (1) mod and (2) cid parameters.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
Endonesia -> Endonesia 

 References:
http://echo.or.id/adv/adv02-y3dips-2004.txt
http://securitytracker.com/id?1010864
http://www.securityfocus.com/archive/1/370855
http://www.securityfocus.com/bid/8507
https://exchange.xforce.ibmcloud.com/vulnerabilities/13042
Copyright 2024, cxsecurity.com

 

Back to Top