CVE-2004-1937
CVE-2004-1937 is a vulnerability of currently unknown severity. EPSS estimates an 8.12% chance of exploitation in the next 30 days.
Description
Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the user_langue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be loaded before conf.inc.php via (3) .. sequences in the file parameter with the page parameter set to globals, or (4) ../globals.php in the user_langue parameter, as demonstrated by modifying $nuked[prefix] in the Suggest module.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nuked-Klan | Nuked-Klan | 1.2 |
| Nuked-Klan | Nuked-Klan | 1.2_beta |
| Nuked-Klan | Nuked-Klan | 1.3 |
| Nuked-Klan | Nuked-Klan | 1.3_beta |
| Nuked-Klan | Nuked-Klan | 1.4 |
| Nuked-Klan | Nuked-Klan | 1.5 |
| Nuked-Klan | Nuked-Klan | 1.5_sp2 |
References
- http://www.phpsecure.info/v2/tutos/frog/Nuked-KlaN.txt (Exploit, Patch)
- http://www.securityfocus.com/bid/10104 (Exploit, Patch)
Timeline
- Status: Modified
Source: NVD / NIST
