Vulnerability Details : CVE-2004-2575
Potential exploit
phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain sensitive information via a direct request to (1) hook_admin.inc.php, (2) hook_home.inc.php, (3) class.holidaycalc.inc.php, and (4) setup.inc.php.sample, which reveals the path in an error message.
Products affected by CVE-2004-2575
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.000:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.002:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.003:*:*:*:*:*:*:*
- cpe:2.3:a:phpgroupware:phpgroupware:0.9.16.005:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-2575
0.59%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 67 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-2575
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0
|
MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
10.0
|
2.9
|
NIST |
References for CVE-2004-2575
-
http://www.osvdb.org/7602
Exploit
-
https://savannah.gnu.org/bugs/?func=detailitem&item_id=7478
phpGroupWare - Bugs: bug #7478, Multiple security holes in last... [Savannah]Exploit
-
http://www.osvdb.org/7604
Exploit
-
http://www.osvdb.org/7603
Exploit
-
http://www.osvdb.org/7601
Exploit
Jump to