Direct Request ('Forced Browsing')

CVE-2005-1697

Medium

5/10

Summary

The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote attackers to obtain sensitive information via a direct request to simple_smarty.php, which reveals the path in an error message.

Access Complexity: LOW
AccessVector: NETWORK
Authentication: NONE
Integrity Impact: NONE
Confidentiality Impact: PARTIAL
Availability Impact: NONE

CWE-425 - Direct Request ('Forced Browsing')

The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.

References

Advisory Timeline

Published May 24, 2005

Direct Request ('Forced Browsing')

CVE-2005-1697

Summary

CWE-425 - Direct Request ('Forced Browsing')

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS