CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2005-0828

highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.055

EPSS Ranking 89.7%

CVSS Severity

CVSS v2 Score 5.0

References

http://marc.info/?l=bugtraq&m=111117241923006&w=2
http://marc.info/?l=bugtraq&m=111125645312693&w=2
http://secunia.com/advisories/14641
http://secunia.com/advisories/14648
http://securitytracker.com/id?1013485
http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt
http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf
http://www.osvdb.org/14890
http://www.securityfocus.com/bid/12848
https://exchange.xforce.ibmcloud.com/vulnerabilities/19754
http://marc.info/?l=bugtraq&m=111117241923006&w=2
http://marc.info/?l=bugtraq&m=111125645312693&w=2
http://secunia.com/advisories/14641
http://secunia.com/advisories/14648
http://securitytracker.com/id?1013485
http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt
http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf
http://www.osvdb.org/14890
http://www.securityfocus.com/bid/12848
https://exchange.xforce.ibmcloud.com/vulnerabilities/19754

Products affected by CVE-2005-0828

Ciamos » Ciamos » Version: 0.9.2_rc1

cpe:2.3:a:ciamos:ciamos:0.9.2_rc1
E-Xoops » E-Xoops » Version: 1.05r3

cpe:2.3:a:e-xoops:e-xoops:1.05r3
Runcms » Runcms » Version: 1.1a

cpe:2.3:a:runcms:runcms:1.1a

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2005-0828

Products

Pricing

Contact Us