Home > Vulnerability Database > CVE-2004-1385

Mend.io Vulnerability Database

CVE-2004-1385

Date: February 6, 2005

phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain sensitive information via (1) unexpected characters in the session ID such as shell metacharacters, (2) an invalid appname parameter to preferences.php or (3) an invalid menuaction parameter to index.php, which reveals the web server path in an error message.

Severity Score

5.3

Related Resources (7)

Url: https://nvd.nist.gov/vuln/detail/CVE-2004-1385

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/18497

Url: http://www.gentoo.org/security/en/glsa/glsa-200501-08.xml

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2004-1385

Url: http://marc.info/?l=bugtraq&m=110312656029072&w=2

Url: http://www.gulftech.org/?node=research&article_id=00054-12142004

Url: https://www.mend.io/vulnerability-database/CVE-2004-1385

Severity Score

5.3

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2004-1385

Date: February 6, 2005

Severity Score

Related Resources (7)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?