CVE-2009-2303

Published Jul 2, 2009

Last updated 6 years ago

Overview

Description: index.php in Aardvark Topsites PHP 5.2.1 and earlier allows remote attackers to obtain sensitive information via a negative integer value for the start parameter in a search action, which reveals the installation path in an error message.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 5
Impact score: 2.9
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-20

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:avatic:aardvark_topsites_php:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CC6EBC91-6369-460F-84B2-26E9255F9D7F",
            "versionEndIncluding": "5.2.1"
          },
          {
            "criteria": "cpe:2.3:a:avatic:aardvark_topsites_php:4.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "02BB4B5A-0D58-4696-AF23-8B8A5295FAF7"
          },
          {
            "criteria": "cpe:2.3:a:avatic:aardvark_topsites_php:4.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5CA47010-FD73-4897-A580-4AAE589FE904"
          },
          {
            "criteria": "cpe:2.3:a:avatic:aardvark_topsites_php:4.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8DD9D097-C3E0-4CB3-A802-15D1F807B0B0"
          },
          {
            "criteria": "cpe:2.3:a:avatic:aardvark_topsites_php:5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "01F8A0E7-7087-46AF-B2EB-29CDA8FD0CE7"
          },
          {
            "criteria": "cpe:2.3:a:avatic:aardvark_topsites_php:5.0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "969B3A92-77E2-4CD5-AA50-604CF12DB668"
          },
          {
            "criteria": "cpe:2.3:a:avatic:aardvark_topsites_php:5.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C282DA40-217E-4FA1-825E-6EE380F20940"
          },
          {
            "criteria": "cpe:2.3:a:avatic:aardvark_topsites_php:5.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "151788A4-3F7E-42E7-B15E-EB7FB19D3AC6"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References