CVE-2005-3645

critical

Description

phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allows remote attackers to obtain the application installation path and other sensitive information via direct requests to (1) create.php, and if display_errors is enabled, (2) lib-updates.inc.php, (3) lib-targetstats.inc.php, (4) lib-size.inc.php, (5) lib-misc-stats.inc.php, (6) lib-hourly-hosts.inc.php, (7) lib-hourly.inc.php, (8) lib-history.inc.php, and (9) graph-daily.php.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/23043

http://www.vupen.com/english/advisories/2005/2380

http://www.osvdb.org/20743

http://www.osvdb.org/20742

http://www.osvdb.org/20741

http://www.osvdb.org/20740

http://www.osvdb.org/20739

http://www.osvdb.org/20738

http://www.osvdb.org/20737

http://www.osvdb.org/20736

http://www.osvdb.org/20735

http://www.fitsec.com/advisories/FS-05-01.txt

http://sourceforge.net/project/shownotes.php?group_id=36679&release_id=370942

http://securityreason.com/securityalert/171

http://secunia.com/advisories/17464/

http://seclists.org/lists/bugtraq/2005/Nov/0189.html

http://marc.info/?l=bugtraq&m=113165036315035&w=2

Details

Source: Mitre, NVD

Published: 2005-11-17

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.02009