Vulnerability Details : CVE-2004-1937
Potential exploit
Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module.
Vulnerability category: Directory traversal
Products affected by CVE-2004-1937
- cpe:2.3:a:nuked-klan:nuked-klan:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:nuked-klan:nuked-klan:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:nuked-klan:nuked-klan:1.3_beta:*:*:*:*:*:*:*
- cpe:2.3:a:nuked-klan:nuked-klan:1.2_beta:*:*:*:*:*:*:*
- cpe:2.3:a:nuked-klan:nuked-klan:1.4:*:*:*:*:*:*:*
- cpe:2.3:a:nuked-klan:nuked-klan:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:nuked-klan:nuked-klan:1.5_sp2:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-1937
10.43%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-1937
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2004-1937
-
http://www.securityfocus.com/bid/10104
Exploit;Patch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/15844
Nuked-Klan configuration file corruption CVE-2004-1937 Vulnerability Report
-
http://www.phpsecure.info/v2/tutos/frog/Nuked-KlaN.txt
Exploit;Patch
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/15843
Nuked-Klan PHP file include CVE-2004-1937 Vulnerability Report
-
http://marc.info/?l=bugtraq&m=108222826225823&w=2
-
http://secunia.com/advisories/11341
Jump to