CVE-2005-4219

setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtain this information via a direct request to setting.php. NOTE: on a properly configured web server, it would be expected that a .php file would be processed before content is returned to the user, so this might not be a vulnerability.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://securityreason.com/securityalert/250
http://securitytracker.com/id?1015343	Exploit Vendor Advisory
http://www.osvdb.org/21766
http://www.securityfocus.com/archive/1/419238/100/0/threaded
http://www.securityfocus.com/archive/1/419500/100/0/threaded

Configurations

Configuration 1 (hide)

cpe:2.3:a:innovative_cms:innovative_cms:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2005-12-14 11:03

Updated : 2018-10-19 15:40

NVD link : CVE-2005-4219

Mitre link : CVE-2005-4219

CVE.ORG link : CVE-2005-4219

JSON object : View

Products Affected

innovative_cms

innovative_cms

CWE

NVD-CWE-Other

{"id": "CVE-2005-4219", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-12-14T11:03:00.000", "references": [{"url": "http://securityreason.com/securityalert/250", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015343", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/21766", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/419238/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/419500/100/0/threaded", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtain this information via a direct request to setting.php. NOTE: on a properly configured web server, it would be expected that a .php file would be processed before content is returned to the user, so this might not be a vulnerability."}, {"lang": "es", "value": "setting.php en Innovative CMS (ICMS, anteriormente Imoel-CMS) contiene informaci\u00f3n de nombres de usuario y contrase\u00f1as en texto claro, lo que podr\u00eda permitir a atacantes obtener esta informaci\u00f3n mediante una petici\u00f3n directa a settings.php.\r\nNOTA: en un servidor web apropiadamente configurado, ser\u00eda de esperar que un fichero .php sea procesado antes de que su contenido sea devuelto al usuario, de forma que esto podr\u00eda no ser una vulnerabilidad."}], "lastModified": "2018-10-19T15:40:35.550", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:innovative_cms:innovative_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4568845-8D54-48A8-BFB3-69321F32F204"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}