2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2004-2664" ,
"sourceIdentifier" : "cve@mitre.org" ,
"published" : "2004-12-31T05:00:00.000" ,
2024-11-21 23:11:37 +00:00
"lastModified" : "2024-11-20T23:53:55.760" ,
"vulnStatus" : "Modified" ,
2024-12-08 03:06:42 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "John Lim ADOdb Library for PHP before 4.23 allows remote attackers to obtain sensitive information via direct requests to certain scripts that result in an undefined value of ADODB_DIR, which reveals the installation path in an error message."
}
] ,
"metrics" : {
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:N/A:N" ,
2024-11-21 23:11:37 +00:00
"baseScore" : 5.0 ,
2023-04-24 12:24:31 +02:00
"accessVector" : "NETWORK" ,
"accessComplexity" : "LOW" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "NONE" ,
2024-11-21 23:11:37 +00:00
"availabilityImpact" : "NONE"
2023-04-24 12:24:31 +02:00
} ,
"baseSeverity" : "MEDIUM" ,
"exploitabilityScore" : 10.0 ,
"impactScore" : 2.9 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "NVD-CWE-Other"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:john_lim:adodb:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "4.22" ,
"matchCriteriaId" : "BFF0AAE7-8D24-4012-893C-ECA1AF77571A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:john_lim:adodb:3.94:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "BDBA517D-4748-4E9E-8E7C-1F04BAB821F9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:john_lim:adodb:4.00:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B96898C8-2F5F-40BC-924D-42990FD8A63B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:john_lim:adodb:4.01:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1166C876-A81E-4EEF-8B68-8B4DC931BEBF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:john_lim:adodb:4.02:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "2603746F-1BB3-48FA-9BD0-A9C3D7C29F60"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:john_lim:adodb:4.03:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "D442F8CD-E903-4835-B3FF-3C763DEC0E0B"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:john_lim:adodb:4.04:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "06742D26-85FB-43BD-992E-57846C2C172F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:john_lim:adodb:4.05:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "06F51DCF-55A7-4B23-A21D-476AAF92D4EF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:john_lim:adodb:4.10:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1768F8F3-AA47-445D-97C9-2527D5B6DDD9"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:john_lim:adodb:4.11:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "41547706-2DEE-4C8B-B9B9-67F54BECB2CA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:john_lim:adodb:4.20:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E5D4086F-9589-44D2-9101-DCF5A10B01FA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:john_lim:adodb:4.21:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5E81CD9A-5CAD-4785-B556-9D6C0F2C4E9B"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://phplens.com/lens/adodb/docs-adodb.htm#changes" ,
"source" : "cve@mitre.org" ,
"tags" : [
"Patch"
]
2024-11-21 23:11:37 +00:00
} ,
{
"url" : "http://phplens.com/lens/adodb/docs-adodb.htm#changes" ,
"source" : "af854a3a-2127-422b-91ae-364da2661108" ,
"tags" : [
"Patch"
]
2023-04-24 12:24:31 +02:00
}
2024-11-21 23:11:37 +00:00
] ,
"evaluatorSolution" : "This vulnerability is addressed in the following product release:\r\nJohn Lim, ADOdb, 4.23"
2023-04-24 12:24:31 +02:00
}
