NVD

Id
63489  
Name
CVE-2006-4873  
Description
Jupiter CMS allows remote attackers to obtain sensitive information via a direct request for (1) includes/functions.php, (2) modules/register.php, (3) modules/poll.php, (4) modules/panel.php, (5) modules/pm.php, (6) modules/news.php, (7) modules/templates_change.php, (8) modules/users.php, (9) modules/misc.php, (10) modules/masspm.php, (11) modules/mass-email.php, (12) modules/main-nav.php, (13) modules/login.php, (14) modules/layout.php, (15) modules/hq.php, (16) modules/forum.php, (17) modules/forum-admin.php, (18) modules/events.php, (19) modules/emoticons.php, (20) modules/download.php, (21) modules/blocks.php, (22) modules/ban.php, (23) modules/badwords.php, (24) modules/ads.php, or (25) modules/admin.php, which reveals the installation path in various error messages. NOTE: The modules/online.php vector is already covered by CVE-2006-1679.  
Reject
 
CVSS Version
2  
CVSS Score
5  
Severity
Medium  
CVSS Base Score
5  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
10  
CVSS Vector
(AV:N/AC:L/Au:N/C:P/I:N/A:N)  
Pub Date
2016-12-20  
Published
2006-09-19  
Modified Date
2008-09-05  
Seq
2006-4873  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
330926 63489 CVE-2006-4873 1608  View
330927 63489 CVE-2006-4873 20060915 Jupiter CMS Multiple injections  View
330928 63489 CVE-2006-4873 20048  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
59858 JVNDB-2006-002124 Jupiter CMS における重要な情報を取得される脆弱性 Jupiter CMS には、エラーメッセージ内にインストールパス内に表示する不備があるため、重要な情報を取得される脆弱性が存在します。 CVE-2006-4873 20975 CVE-2006-4873 63489 5 http://jvndb.jvn.jp/ja/contents/2006/JVNDB-2006-002124.html 2006-09-19 2012-09-25 View