CVE-2005-1698

PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message.
References
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:postnuke:postnuke:0.750:*:*:*:*:*:*:*
cpe:2.3:a:postnuke:postnuke:0.760:rc3:*:*:*:*:*:*

History

20 Nov 2024, 23:57

Type Values Removed Values Added
References () http://marc.info/?l=bugtraq&m=111670506926649&w=2 - Third Party Advisory () http://marc.info/?l=bugtraq&m=111670506926649&w=2 - Third Party Advisory

25 Jan 2024, 21:08

Type Values Removed Values Added
References (BUGTRAQ) http://marc.info/?l=bugtraq&m=111670506926649&w=2 - (BUGTRAQ) http://marc.info/?l=bugtraq&m=111670506926649&w=2 - Third Party Advisory
CPE cpe:2.3:a:postnuke_software_foundation:postnuke:0.760_rc3:*:*:*:*:*:*:*
cpe:2.3:a:postnuke_software_foundation:postnuke:0.750:*:*:*:*:*:*:*
cpe:2.3:a:postnuke:postnuke:0.760:rc3:*:*:*:*:*:*
cpe:2.3:a:postnuke:postnuke:0.750:*:*:*:*:*:*:*
First Time Postnuke postnuke
Postnuke
CWE NVD-CWE-Other CWE-425

Information

Published : 2005-05-24 04:00

Updated : 2024-11-20 23:57


NVD link : CVE-2005-1698

Mitre link : CVE-2005-1698

CVE.ORG link : CVE-2005-1698


JSON object : View

Products Affected

postnuke

  • postnuke
CWE
CWE-425

Direct Request ('Forced Browsing')