CVE-2009-0678

Published: Feb 22, 2009Modified: Apr 23, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

images/captcha.php in RavenNuke 2.30 allows remote attackers to obtain sensitive information via an aFonts array parameter value that does not correspond to a valid font file, which reveals the installation path in an error message.

Affected (1)

Products: Ravenphpscripts: Ravennuke

Ravenphpscripts

1 product

Ravennuke

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Ravenphpscripts Ravennuke	Version 2.30

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (10)

http://ravenphpscripts.com/postt17156.html

Source: cve@mitre.org

Vendor Advisory

http://www.securityfocus.com/archive/1/500988/100/0/threaded

Source: cve@mitre.org

http://www.waraxe.us/advisory-72.html

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/48792

Source: cve@mitre.org

https://www.exploit-db.com/exploits/8068

Source: cve@mitre.org

http://ravenphpscripts.com/postt17156.html