phpWebSite up to 0.10.0 Error Message index.php SEA_search_module information disclosure

entryeditHistoryDiffjsonxmlCTI

A vulnerability classified as problematic was found in phpWebSite up to 0.10.0 (Content Management System). Affected by this vulnerability is an unknown part of the file index.php of the component Error Message Handler. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.

Field03/10/2015 11:05 PM02/23/2017 03:01 PM
typeContent Management SystemContent Management System
namephpWebSitephpWebSite
version0.9.0/0.9.1/0.9.2/0.9.2.1/0.9.3/0.9.3.1/0.9.3.2/0.9.3.3/0.9.3.4/0.10.00.9.0/0.9.1/0.9.2/0.9.2.1/0.9.3/0.9.3.1/0.9.3.2/0.9.3.3/0.9.3.4/0.10.0
componentError Message HandlerError Message Handler
fileindex.phpindex.php
argumentSEA_search_moduleSEA_search_module
risk11
cvss2_vuldb_basescore5.05.0
cvss2_vuldb_tempscore5.05.0
cvss2_vuldb_avNN
cvss2_vuldb_acLL
cvss2_vuldb_auNN
cvss2_vuldb_ciPP
cvss2_vuldb_iiNN
cvss2_vuldb_aiNN
cvss3_meta_basescore5.35.3
cvss3_meta_tempscore5.35.3
cvss3_vuldb_basescore5.35.3
cvss3_vuldb_tempscore5.35.3
date1114992000 (05/02/2005)1114992000 (05/02/2005)
urlhttp://www.gentoo.org/security/en/glsa/glsa-200503-04.xmlhttp://www.gentoo.org/security/en/glsa/glsa-200503-04.xml
price_0day$0-$5k$0-$5k
cveCVE-2005-0572CVE-2005-0572
cve_nvd_published11149920001114992000
cve_nvd_summaryindex.php in phpWebSite 0.10.0 and earlier allows remote attackers to obtain sensitive information via an invalid SEA_search_module parameter, which reveals the path in a PHP error message.index.php in phpWebSite 0.10.0 and earlier allows remote attackers to obtain sensitive information via an invalid SEA_search_module parameter, which reveals the path in a PHP error message.
vulnerabilitycenter2555625556
vulnerabilitycenter_titlephpWebSite 0.10.0 and Prior Remote Information Disclosure Vulnerability via a Crafted URL RequestphpWebSite 0.10.0 and Prior Remote Information Disclosure Vulnerability via a Crafted URL Request
vulnerabilitycenter_severityMediumMedium
vulnerabilitycenter_creationdate12724128001272412800
vulnerabilitycenter_lastupdatedate13963968001396396800
vulnerabilitycenter_reportingdate11092896001109289600
xforce1948019480
nessus_id1725117251
nessus_nameGLSA-200503-04 : phpWebSite: Arbitrary PHP execution and path disclosureGLSA-200503-04 : phpWebSite: Arbitrary PHP execution and path disclosure
nessus_filenamegentoo_GLSA-200503-04.naslgentoo_GLSA-200503-04.nasl
nessus_familyGentoo Local Security ChecksGentoo Local Security Checks
openvas_id5486954869
openvas_filenameglsa_200503_04.naslglsa_200503_04.nasl
openvas_titleGentoo Security Advisory GLSA 200503-04 (phpwebsite)Gentoo Security Advisory GLSA 200503-04 (phpwebsite)
openvas_familyGentoo Local Security ChecksGentoo Local Security Checks
seealso2451124511
cwe200 (information disclosure)200 (information disclosure)
locationWebsiteWebsite
cvss2_vuldb_eNDND
cvss2_vuldb_rlNDND
cvss2_vuldb_rcNDND
cvss3_vuldb_eXX
cvss3_vuldb_rlXX
cvss3_vuldb_rcXX
cvss3_vuldb_avNN
cvss3_vuldb_acLL
cvss3_vuldb_prNN
cvss3_vuldb_uiNN
cvss3_vuldb_sUU
cvss3_vuldb_cLL
cvss3_vuldb_iNN
cvss3_vuldb_aNN
cvss2_nvd_avN
cvss2_nvd_acL
cvss2_nvd_auN
cvss2_nvd_ciP
cvss2_nvd_iiN
cvss2_nvd_aiN

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!