CVE-2005-2433

Properties

Published:
02.08.2005
Updated:
20.10.2005
Patch available:
Severity:
Low
  • CVSS vector:
    (AV:R/AC:L/Au:NR/C:C/I:N/A:N/B:N) Approximated
    Product:
    PhpList: PhpList

    Vulnerability description

    PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php, (2) connect.php, (3) domainstats.php or (4) usercheck.php in public_html/lists/admin directory, (5) attributes.php, (6) dbcheck.php, (7) importcsv.php, (8) user.php, (9) usermgt.php, or (10) users.php in admin/commonlib/pages directory, (11) helloworld.php, or (12) sidebar.php in public_html/lists/admin/plugins directory, or (13) main.php in public_html/lists/admin/plugsins/defaultplugin directory, which reveal the path in an error message.

    References:

    BUGTRAQ: http://marc.theaimsgroup.com/?l=bugtraq&m=112258115325054&w=2
    OSVDB: http://www.osvdb.org/18317
    OSVDB: http://www.osvdb.org/18318
    OSVDB: http://www.osvdb.org/18319
    OSVDB: http://www.osvdb.org/18320
    OSVDB: http://www.osvdb.org/18321
    OSVDB: http://www.osvdb.org/18322
    OSVDB: http://www.osvdb.org/18323
    OSVDB: http://www.osvdb.org/18324
    OSVDB: http://www.osvdb.org/18325
    OSVDB: http://www.osvdb.org/18326
    OSVDB: http://www.osvdb.org/18327
    OSVDB: http://www.osvdb.org/18328
    OSVDB: http://www.osvdb.org/18329
    XF: http://xforce.iss.net/xforce/xfdb/21579