CVE-2005-0828
CVSS5.0
发布时间 :2005-05-02 00:00:00
修订时间 :2016-10-17 23:14:58
NMCOS    

[原文]highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php.


[CNNVD]RunCMS数据库配置信息泄露漏洞(CNNVD-200505-586)

        (1)RUNCMS 1.1A,(2)CIAMOS 0.9.2 RC1,(3)e-Xoops 1.05 Rev3及可能的其他基于e-Xoops (exoops)的产品中的highlight.php使得远程攻击者可以通过在文件参数中指定路径名来读取任意PHP文件,如从mainfile.php中读取数据库配置信息。

- CVSS (基础分值)

CVSS分值: 5 [中等(MEDIUM)]
机密性影响: [--]
完整性影响: [--]
可用性影响: [--]
攻击复杂度: [--]
攻击向量: [--]
身份认证: [--]

- CPE (受影响的平台与产品)

cpe:/a:runcms:runcms:1.1a
cpe:/a:e-xoops:e-xoops:1.05r3
cpe:/a:ciamos:ciamos:0.9.2_rc1

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0828
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0828
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-586
(官方数据源) CNNVD

- 其它链接及资源

http://marc.info/?l=bugtraq&m=111117241923006&w=2
(UNKNOWN)  BUGTRAQ  20050318 runcms highlight.php hole
http://marc.info/?l=bugtraq&m=111125645312693&w=2
(UNKNOWN)  BUGTRAQ  20050319 Ciamos Highlight.php Security Hole(IHS)
http://securitytracker.com/id?1013485
(UNKNOWN)  SECTRACK  1013485
http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt
(UNKNOWN)  MISC  http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt
http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf
(VENDOR_ADVISORY)  MISC  http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf
http://www.securityfocus.com/bid/12848
(UNKNOWN)  BID  12848
http://xforce.iss.net/xforce/xfdb/19754
(UNKNOWN)  XF  ciamos-file-information-disclosure(19754)

- 漏洞信息

RunCMS数据库配置信息泄露漏洞
中危 设计错误
2005-05-02 00:00:00 2005-10-20 00:00:00
远程  
        (1)RUNCMS 1.1A,(2)CIAMOS 0.9.2 RC1,(3)e-Xoops 1.05 Rev3及可能的其他基于e-Xoops (exoops)的产品中的highlight.php使得远程攻击者可以通过在文件参数中指定路径名来读取任意PHP文件,如从mainfile.php中读取数据库配置信息。

- 公告与补丁

        暂无数据

- 漏洞信息

14890
E-Xoops highlight.php Information Disclosure
Remote / Network Access Information Disclosure
Loss of Confidentiality Solution Unknown
Exploit Public

- 漏洞描述

E-Xoops contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker invokes highlight.php to view the source code of mainfile.php, which will disclose database connection information, including the password resulting in a loss of confidentiality.

- 时间线

2005-03-19 Unknow
2005-03-19 Unknow

- 解决方案

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

- 相关参考

- 漏洞作者

- 漏洞信息

RunCMS Database Configuration Information Disclosure Vulnerability
Design Error 12848
Yes No
2005-03-18 12:00:00 2009-07-12 10:56:00
Discovery of this vulnerability is credited to "Majid NT" <NT@ihsteam.com>.

- 受影响的程序版本

RunCMS RunCMS 1.1
E-Xoops E-Xoops 1.0 5r3

- 漏洞讨论

RunCMS is reportedly affected by an information disclosure vulnerability. This issue is due to a failure in the application to secure sensitive information.

Exploitation of this vulnerability could lead to the disclosure of database configuration details, including the database name, user name and password.

RunCMS was formerly named E-Xoops.

- 漏洞利用

No exploit is required.

The following proof of concept is available:
http://www.example.com/[runcms]/class/debug/highlight.php?file=[runcmsinstallationpath]\mainfile.php&amp;line=151#151

- 解决方案

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com <mailto:vuldb@securityfocus.com>.

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站