CVE-2005-1698
Summary
| CVE | CVE-2005-1698 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2005-05-24 04:00:00 UTC |
| Updated | 2024-01-25 21:08:00 UTC |
| Description | PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain sensitive information via a direct request to (1) theme.php or (2) Xanthia.php in the Xanthia module, (3) user.php, (4) thelang.php, (5) text.php, (6) html.php, (7) menu.php, (8) finclude.php, or (9) button.php in the pnblocks directory in the Blocks module, (10) config.php in the NS-Multisites (aka Multisites) module, or (11) xmlrpc.php, which reveals the path in an error message. |
Risk And Classification
Problem Types: CWE-425
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Postnuke | Postnuke | 0.750 | All | All | All |
| Application | Postnuke | Postnuke | 0.760 | rc3 | All | All |
| Application | Postnuke Software Foundation | Postnuke | 0.750 | All | All | All |
| Application | Postnuke Software Foundation | Postnuke | 0.760_rc3 | All | All | All |
| Application | Postnuke Software Foundation | Postnuke | 0.750 | All | All | All |
| Application | Postnuke Software Foundation | Postnuke | 0.760_rc3 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| '[SECURITYREASON.COM] PostNuke XSS and Full path disclosure' - MARC | BUGTRAQ | marc.info | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.