Vulnerability Details CVE-2005-3645
phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.02
EPSS Ranking 83.0%
CVSS Severity
CVSS v2 Score 5.0
References
- http://marc.info/?l=bugtraq&m=113165036315035&w=2
- http://seclists.org/lists/bugtraq/2005/Nov/0189.html
- http://secunia.com/advisories/17464/
- http://securityreason.com/securityalert/171
- http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942
- http://www.fitsec.com/advisories/FS-05-01.txt
- http://www.osvdb.org/20735
- http://www.osvdb.org/20736
- http://www.osvdb.org/20737
- http://www.osvdb.org/20738
- http://www.osvdb.org/20739
- http://www.osvdb.org/20740
- http://www.osvdb.org/20741
- http://www.osvdb.org/20742
- http://www.osvdb.org/20743
- http://www.vupen.com/english/advisories/2005/2380
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23043
- http://marc.info/?l=bugtraq&m=113165036315035&w=2
- http://seclists.org/lists/bugtraq/2005/Nov/0189.html
- http://secunia.com/advisories/17464/
- http://securityreason.com/securityalert/171
- http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942
- http://www.fitsec.com/advisories/FS-05-01.txt
- http://www.osvdb.org/20735
- http://www.osvdb.org/20736
- http://www.osvdb.org/20737
- http://www.osvdb.org/20738
- http://www.osvdb.org/20739
- http://www.osvdb.org/20740
- http://www.osvdb.org/20741
- http://www.osvdb.org/20742
- http://www.osvdb.org/20743
- http://www.vupen.com/english/advisories/2005/2380
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23043
Products affected by CVE-2005-3645
-
cpe:2.3:a:phpadsnew:phpadsnew:2.0.4_pr1
-
cpe:2.3:a:phpadsnew:phpadsnew:2.0.5
-
cpe:2.3:a:phpadsnew:phpadsnew:2.0.6
-
cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta5
-
cpe:2.3:a:phpadsnew:phpadsnew:2.0_beta6
-
cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-09-30
-
cpe:2.3:a:phpadsnew:phpadsnew:2_dev_2001-10-09
-
cpe:2.3:a:phppgads:phppgads:2.0.6