Vulnerability Details CVE-2004-2398
Netenberg Fantastico De Luxe 2.8 uses database file names that contain the associated usernames, which allows local users to determine valid usernames and conduct brute force attacks by reading the file names from /var/lib/mysql, which is assigned world-readable permissions by cPanel 9.3.0 R5.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 16.2%
CVSS Severity
CVSS v2 Score 2.1
References
- http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.html
- http://www.securityfocus.com/bid/10390
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16197
- http://archives.neohapsis.com/archives/bugtraq/2004-05/0206.html
- http://www.securityfocus.com/bid/10390
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16197
Products affected by CVE-2004-2398
-
cpe:2.3:a:netenberg:fantastico_de_luxe:2.8