CVE-2004-1937 in Nuked-Klaninfo

Summary

Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Reservation

05/04/2005

Disclosure

12/31/2004

Moderation

VulDB entry created

Entries

1: VDB-22970

CPE

ready

CWE

CWE-22 (Confirmed)

Exploit

Download

CVSS

5.3

EPSS

0.10434

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2004-1937
NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1937
CVE Details	https://www.cvedetails.com/cve/CVE-2004-1937/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!