CVE-2005-0655

auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message.

Published: May 2, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-0655
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
arif_supriyanto / auracms	1.5	1.5.x

http://echo.or.id/adv/adv011-y3dips-2005.txt
http://marc.info/?l=bugtraq&m=110979842315750&w=2
http://securitytracker.com/id?1013357

Vulnerability Database

289,871

CVE-2005-0655