CVE-2005-0828 - OpenCVE

highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Ciamos	Ciamos
Runcms	Runcms
E-xoops	E-xoops

Configuration 1 [-]

OR	cpe:2.3:a:ciamos:ciamos:0.9.2_rc1:::::::*
	cpe:2.3:a:e-xoops:e-xoops:1.05r3:::::::*
	cpe:2.3:a:runcms:runcms:1.1a:::::::*

References

Link	Resource
http://marc.info/?l=bugtraq&m=111117241923006&w=2
http://marc.info/?l=bugtraq&m=111125645312693&w=2
http://secunia.com/advisories/14641	Patch Vendor Advisory
http://secunia.com/advisories/14648	Vendor Advisory
http://securitytracker.com/id?1013485
http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt	Exploit URL Repurposed
http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf	Vendor Advisory URL Repurposed
http://www.osvdb.org/14890
http://www.securityfocus.com/bid/12848	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/19754

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2005-03-22T05:00:00

Updated: 2017-07-10T14:57:01

Reserved: 2005-03-22T00:00:00

Link: CVE-2005-0828

JSON object: View

NVD Information

Status : Modified

Published: 2005-05-02T04:00:00.000

Modified: 2024-02-14T01:17:43.863

Link: CVE-2005-0828

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-03-19T00:00:00", "descriptions": [{"lang": "en", "value": "highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1013485", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1013485"}, {"name": "20050319 Ciamos Highlight.php Security Hole(IHS)", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=111125645312693&w=2"}, {"name": "14890", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/14890"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt"}, {"name": "12848", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/12848"}, {"name": "14648", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/14648"}, {"name": "20050318 runcms highlight.php hole", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=111117241923006&w=2"}, {"tags": ["x_refsource_MISC"], "url": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf"}, {"name": "ciamos-file-information-disclosure(19754)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19754"}, {"name": "14641", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/14641"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2005-0828", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1013485", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1013485"}, {"name": "20050319 Ciamos Highlight.php Security Hole(IHS)", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=111125645312693&w=2"}, {"name": "14890", "refsource": "OSVDB", "url": "http://www.osvdb.org/14890"}, {"name": "http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt", "refsource": "MISC", "url": "http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt"}, {"name": "12848", "refsource": "BID", "url": "http://www.securityfocus.com/bid/12848"}, {"name": "14648", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14648"}, {"name": "20050318 runcms highlight.php hole", "refsource": "BUGTRAQ", "url": "http://marc.info/?l=bugtraq&m=111117241923006&w=2"}, {"name": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf", "refsource": "MISC", "url": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf"}, {"name": "ciamos-file-information-disclosure(19754)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19754"}, {"name": "14641", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/14641"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2005-0828", "datePublished": "2005-03-22T05:00:00", "dateReserved": "2005-03-22T00:00:00", "dateUpdated": "2017-07-10T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:ciamos:ciamos:0.9.2_rc1:*:*:*:*:*:*:*", "matchCriteriaId": "5C7986E7-E5A1-4A86-9FC1-ECCDAAE47B6F", "vulnerable": true}, {"criteria": "cpe:2.3:a:e-xoops:e-xoops:1.05r3:*:*:*:*:*:*:*", "matchCriteriaId": "E5477DFD-E91A-43A0-BF44-C2ED9CB9699C", "vulnerable": true}, {"criteria": "cpe:2.3:a:runcms:runcms:1.1a:*:*:*:*:*:*:*", "matchCriteriaId": "E52D52A0-BA4A-424F-8A13-566E55F637B3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php."}], "id": "CVE-2005-0828", "lastModified": "2024-02-14T01:17:43.863", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2005-05-02T04:00:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=111117241923006&w=2"}, {"source": "cve@mitre.org", "url": "http://marc.info/?l=bugtraq&m=111125645312693&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/14641"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/14648"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1013485"}, {"source": "cve@mitre.org", "tags": ["Exploit", "URL Repurposed"], "url": "http://www.ihsteam.com/download/advisory/Exoops%20highlight%20hole.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory", "URL Repurposed"], "url": "http://www.ihsteam.com/download/sections/runcms%20advisory%20-%20eng.pdf"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/14890"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/12848"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/19754"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}