Lucene search

[email protected]CVE-2005-1136

HistoryApr 16, 2005 - 4:00 a.m.

CVE-2005-1136

2005-04-1604:00:00

[email protected]

web.nvd.nist.gov

php

sphpblog

sensitive information

security vulnerability

web application security

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

JSON

Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) config.txt files under the web document root, which allows remote attackers to obtain sensitive information and crack passwords via a direct request to these files.

Affected configurations

NVD

Node

sphpblogsphpblogMatch0.4_.0

CPENameOperatorVersion
sphpblog:sphpblogsphpblogeq0.4_.0

CPE	Name	Operator	Version
sphpblog:sphpblog	sphpblog	eq	0.4_.0

References

echo.or.id/adv/adv12-y3dips-2005.txt

marc.info/?l=bugtraq&m=111359320312609&w=2

www.waraxe.us/ftopict-651.html

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.7 Medium

AI Score

Confidence

Low

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for CVE-2005-1136

nvd1 cvelist1