CVE-2005-2887

MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) wiki.php, (2) AutoTheme directory, (3) Blocks directory, (4) admin.php, (5) pnadmin.php, or (6) Topics directory, which reveal the path in an error message.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://rgod.altervista.org/maxdev1073.html	Exploit Vendor Advisory
http://secunia.com/advisories/16731/	Exploit Vendor Advisory
http://marc.info/?l=bugtraq&m=112603835317458&w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/22201

Configurations

Configuration 1 (hide)

cpe:2.3:a:maxdev:md-pro:1.0.73:*:*:*:*:*:*:*

Information

Published : 2005-09-14 13:03

Updated : 2017-07-10 18:33

NVD link : CVE-2005-2887

Mitre link : CVE-2005-2887

JSON object : View

CWE

NVD-CWE-Other

Products Affected

maxdev

md-pro

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://rgod.altervista.org/maxdev1073.html", "name": "http://rgod.altervista.org/maxdev1073.html", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://secunia.com/advisories/16731/", "name": "16731", "tags": ["Exploit", "Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://marc.info/?l=bugtraq&m=112603835317458&w=2", "name": "20050906 MAXdev MD-Pro 1.0.73 (possibly prior versions) remote code execution / cross site scripting / path disclosure", "tags": [], "refsource": "BUGTRAQ"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22201", "name": "mdpro-multiple-path-disclosure(22201)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote attackers to obtain sensitive information via a direct request to (1) wiki.php, (2) AutoTheme directory, (3) Blocks directory, (4) admin.php, (5) pnadmin.php, or (6) Topics directory, which reveal the path in an error message."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2005-2887", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2005-09-14T20:03Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:maxdev:md-pro:1.0.73:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:33Z"}

5.0 /10