Overview
- Description
- PowerPortal 1.x allows remote attackers to gain sensitive information via invalid or missing parameters in HTTP requests to (1) resize.php or (2) modules.php, which reveals the path in an error message.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:powerportal:powerportal:1.1b:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7894AF63-7158-49B6-957C-0F95628AF78E"
},
{
"criteria": "cpe:2.3:a:powerportal:powerportal:1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D06B14A8-85BF-49EF-B261-FD70F05A2D8B"
},
{
"criteria": "cpe:2.3:a:powerportal:powerportal:1.3b:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F62FED84-52E1-466B-9EE0-6679A84ED625"
}
],
"operator": "OR"
}
]
}
]