CVE-2003-1371: XSS
First published: Wed Dec 31 2003(Updated: )
Nuked-Klan 1.3b, and possibly earlier versions, allows remote attackers to obtain sensitive server information via an op parameter set to phpinfo for the (1) Team, (2) News, or (3) Liens modules.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nuked-klan Partenaires Module | =1.3_beta |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2003-1371?
CVE-2003-1371 is considered a moderate severity vulnerability that can lead to information disclosure.
How do I fix CVE-2003-1371?
To mitigate CVE-2003-1371, it's recommended to update to a patched version of Nuked-Klan or disable the vulnerable modules.
What specific information can be disclosed by exploiting CVE-2003-1371?
Exploiting CVE-2003-1371 may allow attackers to access sensitive server information through the phpinfo function.
Which versions of Nuked-Klan are affected by CVE-2003-1371?
CVE-2003-1371 affects Nuked-Klan version 1.3b and possibly earlier versions.
Who is most at risk from CVE-2003-1371?
Organizations using vulnerable versions of Nuked-Klan for their web applications are most at risk from CVE-2003-1371.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/author
- agent/references
- agent/last-modified-date
- agent/severity
- agent/description
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/nuked-klan
- canonical/nuked-klan partenaires module
- version/nuked-klan partenaires module/1.3_beta