CVE-2005-2433 - OpenCVE

PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php, (2) connect.php, (3) domainstats.php or (4) usercheck.php in public_html/lists/admin directory, (5) attributes.php, (6) dbcheck.php, (7) importcsv.php, (8) user.php, (9) usermgt.php, or (10) users.php in admin/commonlib/pages directory, (11) helloworld.php, or (12) sidebar.php in public_html/lists/admin/plugins directory, or (13) main.php in public_html/lists/admin/plugsins/defaultplugin directory, which reveal the path in an error message.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tincan	Phplist

Configuration 1 [-]

cpe:2.3:a:tincan:phplist:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://marc.info/?l=bugtraq&m=112258115325054&w=2
http://www.osvdb.org/18317
http://www.osvdb.org/18318
http://www.osvdb.org/18319
http://www.osvdb.org/18320
http://www.osvdb.org/18321
http://www.osvdb.org/18322
http://www.osvdb.org/18323
http://www.osvdb.org/18324
http://www.osvdb.org/18325
http://www.osvdb.org/18326
http://www.osvdb.org/18327
http://www.osvdb.org/18328
http://www.osvdb.org/18329
https://exchange.xforce.ibmcloud.com/vulnerabilities/21579

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-08-03T04:00:00

Updated: 2024-08-07T22:29:59.553Z

Reserved: 2005-08-03T00:00:00

Link: CVE-2005-2433

Vulnrichment

No data.

NVD

Status : Modified

Published: 2005-08-03T04:00:00.000

Modified: 2017-07-11T01:32:50.580

Link: CVE-2005-2433

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-07-28T00:00:00", "descriptions": [{"lang": "en", "value": "PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php, (2) connect.php, (3) domainstats.php or (4) usercheck.php in public_html/lists/admin directory, (5) attributes.php, (6) dbcheck.php, (7) importcsv.php, (8) user.php, (9) usermgt.php, or (10) users.php in admin/commonlib/pages directory, (11) helloworld.php, or (12) sidebar.php in public_html/lists/admin/plugins directory, or (13) main.php in public_html/lists/admin/plugsins/defaultplugin directory, which reveal the path in an error message."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "18329", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/18329"}, {"name": "18323", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/18323"}, {"name": "18321", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/18321"}, {"name": "18326", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/18326"}, {"name": "phplist-multiple-scripts-path-disclosure(21579)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21579"}, {"name": "18322", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/18322"}, {"name": "18325", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/18325"}, {"name": "18327", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/18327"}, {"name": "18328", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/18328"}, {"name": "18318", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/18318"}, {"name": "18324", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/18324"}, {"name": "18317", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/18317"}, {"name": "20050728 PhpList Sql Injection and Path Disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=112258115325054&w=2"}, {"name": "18320", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/18320"}, {"name": "18319", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/18319"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-2433", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php, (2) connect.php, (3) domainstats.php or (4) usercheck.php in public_html/lists/admin directory, (5) attributes.php, (6) dbcheck.php, (7) importcsv.php, (8) user.php, (9) usermgt.php, or (10) users.php in admin/commonlib/pages directory, (11) helloworld.php, or (12) sidebar.php in public_html/lists/admin/plugins directory, or (13) main.php in public_html/lists/admin/plugsins/defaultplugin directory, which reveal the path in an error message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "18329", "refsource": "OSVDB", "url": "http://www.osvdb.org/18329"}, {"name": "18323", "refsource": "OSVDB", "url": "http://www.osvdb.org/18323"}, {"name": "18321", "refsource": "OSVDB", "url": "http://www.osvdb.org/18321"}, {"name": "18326", "refsource": "OSVDB", "url": "http://www.osvdb.org/18326"}, {"name": "phplist-multiple-scripts-path-disclosure(21579)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21579"}, {"name": "18322", "refsource": "OSVDB", "url": "http://www.osvdb.org/18322"}, {"name": "18325", "refsource": "OSVDB", "url": "http://www.osvdb.org/18325"}, {"name": "18327", "refsource": "OSVDB", "url": "http://www.osvdb.org/18327"}, {"name": "18328", "refsource": "OSVDB", "url": "http://www.osvdb.org/18328"}, {"name": "18318", "refsource": "OSVDB", "url": "http://www.osvdb.org/18318"}, {"name": "18324", "refsource": "OSVDB", "url": "http://www.osvdb.org/18324"}, {"name": "18317", "refsource": "OSVDB", "url": "http://www.osvdb.org/18317"}, {"name": "20050728 PhpList Sql Injection and Path Disclosure", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=112258115325054&w=2"}, {"name": "18320", "refsource": "OSVDB", "url": "http://www.osvdb.org/18320"}, {"name": "18319", "refsource": "OSVDB", "url": "http://www.osvdb.org/18319"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T22:29:59.553Z"}, "title": "CVE Program Container", "references": [{"name": "18329", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/18329"}, {"name": "18323", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/18323"}, {"name": "18321", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/18321"}, {"name": "18326", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/18326"}, {"name": "phplist-multiple-scripts-path-disclosure(21579)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21579"}, {"name": "18322", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/18322"}, {"name": "18325", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/18325"}, {"name": "18327", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/18327"}, {"name": "18328", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/18328"}, {"name": "18318", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/18318"}, {"name": "18324", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/18324"}, {"name": "18317", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/18317"}, {"name": "20050728 PhpList Sql Injection and Path Disclosure", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://marc.info/?l=bugtraq&m=112258115325054&w=2"}, {"name": "18320", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/18320"}, {"name": "18319", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/18319"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-2433", "datePublished": "2005-08-03T04:00:00", "dateReserved": "2005-08-03T00:00:00", "dateUpdated": "2024-08-07T22:29:59.553Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tincan:phplist:*:*:*:*:*:*:*:*", "matchCriteriaId": "35D81DDB-41DD-406E-85A1-49B739B519E4", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php, (2) connect.php, (3) domainstats.php or (4) usercheck.php in public_html/lists/admin directory, (5) attributes.php, (6) dbcheck.php, (7) importcsv.php, (8) user.php, (9) usermgt.php, or (10) users.php in admin/commonlib/pages directory, (11) helloworld.php, or (12) sidebar.php in public_html/lists/admin/plugins directory, or (13) main.php in public_html/lists/admin/plugsins/defaultplugin directory, which reveal the path in an error message."}, {"lang": "es", "value": "PhoList permite que atacantes remotos obtengan informaci\u00f3n confidencial mediante una petici\u00f3n directa a: (1) about.php, (2) connect.php, (3) domainstats.php o (4) usercheck.php en el directorio public_html/lists/admin , (5) attributes.php, (6) dbcheck.php, (7) importcsv.php, (8) user.php, (9) usermgt.php, o (10) users.php en el directorio admin/commonlib/pages , (11) helloworld.php, o (12) sidebar.php en el directorio public_html/lists/admin/plugins, o (13) main.php en el directorio public_html/lists/admin/plugsins/defaultplugin, lo que revela el path en un mensaje de error."}], "id": "CVE-2005-2433", "lastModified": "2017-07-11T01:32:50.580", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-08-03T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=112258115325054&w=2"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/18317"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/18318"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/18319"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/18320"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/18321"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/18322"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/18323"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/18324"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/18325"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/18326"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/18327"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/18328"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/18329"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21579"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}