CVE-2005-4219

{"id": "CVE-2005-4219", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2005-12-14T11:03:00.000", "references": [{"url": "http://securityreason.com/securityalert/250", "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1015343", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/21766", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/419238/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/419500/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/250", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1015343", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/21766", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/419238/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/419500/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "setting.php in Innovative CMS (ICMS, formerly Imoel-CMS) contains username and password information in cleartext, which might allow attackers to obtain this information via a direct request to setting.php. NOTE: on a properly configured web server, it would be expected that a .php file would be processed before content is returned to the user, so this might not be a vulnerability."}, {"lang": "es", "value": "setting.php en Innovative CMS (ICMS, anteriormente Imoel-CMS) contiene informaci\u00f3n de nombres de usuario y contrase\u00f1as en texto claro, lo que podr\u00eda permitir a atacantes obtener esta informaci\u00f3n mediante una petici\u00f3n directa a settings.php.\r\nNOTA: en un servidor web apropiadamente configurado, ser\u00eda de esperar que un fichero .php sea procesado antes de que su contenido sea devuelto al usuario, de forma que esto podr\u00eda no ser una vulnerabilidad."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:innovative_cms:innovative_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E4568845-8D54-48A8-BFB3-69321F32F204"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}