ID CVE-2005-0827
Summary Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message.
References
Vulnerable Configurations
  • cpe:2.3:a:runcms:runcms:1.1a:*:*:*:*:*:*:*
    cpe:2.3:a:runcms:runcms:1.1a:*:*:*:*:*:*:*
  • cpe:2.3:a:e-xoops:e-xoops:1.05_rev3:*:*:*:*:*:*:*
    cpe:2.3:a:e-xoops:e-xoops:1.05_rev3:*:*:*:*:*:*:*
  • cpe:2.3:a:ciamos:ciamos:0.9.2_rc1:*:*:*:*:*:*:*
    cpe:2.3:a:ciamos:ciamos:0.9.2_rc1:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 14-02-2024 - 01:17)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
bugtraq
  • 20050318 runcms installation path
  • 20050319 Ciamos Installation path(IHS)
misc http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf
secunia 14641
xf ciamos-viewcat-path-disclosure(19755)
Last major update 14-02-2024 - 01:17
Published 02-05-2005 - 04:00
Last modified 14-02-2024 - 01:17
Back to Top