CVE-2003-1550

Published: Dec 31, 2003Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

XOOPS 2.0, and possibly earlier versions, allows remote attackers to obtain sensitive information via an invalid xoopsOption parameter, which reveals the installation path in an error message.

Affected (1)

Products: Xoops: Xoops

Xoops

1 product

Xoops

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Xoops Xoops	Up to 2.0

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (12)

http://marc.info/?l=bugtraq&m=104820295115420&w=2

Source: cve@mitre.org

Exploit

http://marc.info/?l=bugtraq&m=104887510828106&w=2

Source: cve@mitre.org

http://secunia.com/advisories/8353

Source: cve@mitre.org

Vendor Advisory

http://www.security-corporation.com/index.php?id=advisories&a=011-FR

Source: cve@mitre.org

http://www.securityfocus.com/bid/7149

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/11587

Source: cve@mitre.org

http://marc.info/?l=bugtraq&m=104820295115420&w=2