Vulnerabilities > CVE-2005-0828
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 | |
Application | 1 | |
Application | 1 |
Exploit-Db
description | RunCMS 1.1 Database Configuration Information Disclosure Vulnerability. CVE-2005-0828. Webapps exploit for php platform |
id | EDB-ID:25237 |
last seen | 2016-02-03 |
modified | 2005-03-18 |
published | 2005-03-18 |
reporter | Majid NT |
source | https://www.exploit-db.com/download/25237/ |
title | RunCMS 1.1 Database Configuration Information Disclosure Vulnerability |
References
- http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf
- http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt
- http://www.securityfocus.com/bid/12848
- http://secunia.com/advisories/14648
- http://secunia.com/advisories/14641
- http://www.osvdb.org/14890
- http://securitytracker.com/id?1013485
- http://marc.info/?l=bugtraq&m=111117241923006&w=2
- http://marc.info/?l=bugtraq&m=111125645312693&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/19754