The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive information via a direct request to simple_smarty.php, which reveals the path in an error message.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=111670482500552&w=2 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
28 Dec 2023, 19:27
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-425 | |
First Time |
Postnuke postnuke
Postnuke |
|
CPE | cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc2:*:*:*:*:*:*:* cpe:2.3:a:postnuke_software_foundation:postnuke:0.750:*:*:*:*:*:*:* |
cpe:2.3:a:postnuke:postnuke:0.760:rc2:*:*:*:*:*:* cpe:2.3:a:postnuke:postnuke:0.760:rc3:*:*:*:*:*:* cpe:2.3:a:postnuke:postnuke:0.750:*:*:*:*:*:*:* |
References | (BUGTRAQ) http://marc.info/?l=bugtraq&m=111670482500552&w=2 - Third Party Advisory |
Information
Published : 2005-05-24 04:00
Updated : 2024-02-28 10:42
NVD link : CVE-2005-1697
Mitre link : CVE-2005-1697
CVE.ORG link : CVE-2005-1697
JSON object : View
Products Affected
postnuke
- postnuke
CWE
CWE-425
Direct Request ('Forced Browsing')