CVE-2004-2196 - Vulnerability Details - OpenCVE

Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Zanfi Solutions	Zanfi Cms Lite

Configuration 1 [-]

cpe:2.3:a:zanfi_solutions:zanfi_cms_lite:1.1:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://secunia.com/advisories/12792
http://securitytracker.com/id?1011612
http://www.osvdb.org/10677
http://www.osvdb.org/10678
http://www.osvdb.org/10679
http://www.osvdb.org/10680
http://www.osvdb.org/10681
http://www.osvdb.org/10682
http://www.securityfocus.com/archive/1/378053
http://www.zanfi.nl/index1.php?flag=cmslite
https://exchange.xforce.ibmcloud.com/vulnerabilities/17687

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-07-10T04:00:00

Updated: 2024-08-08T01:15:01.757Z

Reserved: 2005-07-11T00:00:00

Link: CVE-2004-2196

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2004-12-31T05:00:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2004-2196

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-10-11T00:00:00", "descriptions": [{"lang": "en", "value": "Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "10679", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/10679"}, {"name": "12792", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/12792"}, {"name": "10678", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/10678"}, {"name": "zanficmslite-error-path-disclosure(17687)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17687"}, {"name": "1011612", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1011612"}, {"name": "10682", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/10682"}, {"name": "10680", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/10680"}, {"tags": ["x_refsource_MISC"], "url": "http://www.zanfi.nl/index1.php?flag=cmslite"}, {"name": "10677", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/10677"}, {"name": "20041011 Multiple vulnerabilities in ZanfiCmsLite", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/378053"}, {"name": "10681", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/10681"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2196", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "10679", "refsource": "OSVDB", "url": "http://www.osvdb.org/10679"}, {"name": "12792", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/12792"}, {"name": "10678", "refsource": "OSVDB", "url": "http://www.osvdb.org/10678"}, {"name": "zanficmslite-error-path-disclosure(17687)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17687"}, {"name": "1011612", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1011612"}, {"name": "10682", "refsource": "OSVDB", "url": "http://www.osvdb.org/10682"}, {"name": "10680", "refsource": "OSVDB", "url": "http://www.osvdb.org/10680"}, {"name": "http://www.zanfi.nl/index1.php?flag=cmslite", "refsource": "MISC", "url": "http://www.zanfi.nl/index1.php?flag=cmslite"}, {"name": "10677", "refsource": "OSVDB", "url": "http://www.osvdb.org/10677"}, {"name": "20041011 Multiple vulnerabilities in ZanfiCmsLite", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/378053"}, {"name": "10681", "refsource": "OSVDB", "url": "http://www.osvdb.org/10681"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:15:01.757Z"}, "title": "CVE Program Container", "references": [{"name": "10679", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/10679"}, {"name": "12792", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/12792"}, {"name": "10678", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/10678"}, {"name": "zanficmslite-error-path-disclosure(17687)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17687"}, {"name": "1011612", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1011612"}, {"name": "10682", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/10682"}, {"name": "10680", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/10680"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.zanfi.nl/index1.php?flag=cmslite"}, {"name": "10677", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/10677"}, {"name": "20041011 Multiple vulnerabilities in ZanfiCmsLite", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/378053"}, {"name": "10681", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/10681"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2196", "datePublished": "2005-07-10T04:00:00", "dateReserved": "2005-07-11T00:00:00", "dateUpdated": "2024-08-08T01:15:01.757Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:zanfi_solutions:zanfi_cms_lite:1.1:*:*:*:*:*:*:*", "matchCriteriaId": "5C1B911A-FA2F-4A91-8A99-63A8EDAA9C2C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of the web server via direct requests without required arguments to (1) adm_pages.php, (2) corr_pages.php, (3) del_block.php, (4) del_page.php, (5) footer.php, (6) home.php, and others."}], "id": "CVE-2004-2196", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/12792"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1011612"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/10677"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/10678"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/10679"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/10680"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/10681"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/10682"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/378053"}, {"source": "cve@mitre.org", "url": "http://www.zanfi.nl/index1.php?flag=cmslite"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17687"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/12792"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1011612"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/10677"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/10678"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/10679"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/10680"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/10681"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/10682"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "http://www.securityfocus.com/archive/1/378053"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.zanfi.nl/index1.php?flag=cmslite"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17687"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}