CVE-2005-4026
Published Dec 5, 2005
Last updated 6 years ago
Overview
- Description
- search.php in Geeklog 1.4.x before 1.4.0rc1, and 1.3.x before 1.3.11sr3, allows remote attackers to obtain sensitive information via invalid (1) datestart and (2) dateend parameters, which leaks the web server path in an error message.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- NVD-CWE-Other
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:geeklog:geeklog:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6195A0F8-DC1D-4239-94C9-4FD35C4EF4E9",
"versionEndIncluding": "1.3.11",
"versionStartIncluding": "1.3.0"
},
{
"criteria": "cpe:2.3:a:geeklog:geeklog:1.3.11:rc1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A08FCCA2-886A-4B8B-B3E5-0A62C8E58B43"
},
{
"criteria": "cpe:2.3:a:geeklog:geeklog:1.3.11:sr1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B7B2FCD0-5295-4E27-A9AB-4E55CDC4CAF3"
},
{
"criteria": "cpe:2.3:a:geeklog:geeklog:1.3.11:sr2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "25E45D9D-ADAF-427F-9B77-FCA02EC0E489"
},
{
"criteria": "cpe:2.3:a:geeklog:geeklog:1.4.0:beta1:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B874DF3-F79C-4AA7-9FDE-3AEF62D3AFF8"
}
],
"operator": "OR"
}
]
}
]