VYPR
Unrated severity · NVD Advisory · Published Dec 31, 2005 · Updated Jun 16, 2026

CVE-2005-4700

Description

TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message.

Affected products

  • Tellme/Tellme2 versions
    • cpe:2.3:a:tellme:tellme:1.2:*:*:*:*:*:*:*
    • (no CPE) range: <=1.2

Vulnerability mechanics

Root cause

"Unvalidated user input passed to fsockopen() causes PHP to emit a warning that discloses the full server path."

Attack vector

An attacker sends a crafted HTTP request to the TellMe script with the `q_Host` parameter set to an invalid value (e.g., `--`) while the `o_Server` and `o_Head` options are enabled. The application passes this unsanitized input directly to `fsockopen()`, which fails and produces a PHP warning that includes the full server-side path to the script in the error message [ref_id=1]. The attack requires no authentication and is performed over HTTP by manipulating query string parameters.

What the fix does

The advisory states that the vendor released version 1.3 and a diff patch, but the patch content itself is not included in the bundle [ref_id=1]. The fix presumably validates or sanitizes the `q_Host` parameter before passing it to `fsockopen()`, preventing the raw error message from revealing the filesystem path. Without the actual diff, the exact changes cannot be confirmed.
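One way to handle `q_Host` so that an invalid value never reaches `fsockopen()` and no PHP warning reaches the response. This is an added example, not the vendor's 1.3 patch (which this page does not include); `is_valid_host()` and `head_probe()` are hypothetical names, and the sample inputs are constructed.

```php
<?php
declare(strict_types=1);

// Keep PHP warnings out of HTTP responses; send them to the server log instead.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/** Hypothetical helper: accept only an IPv4 literal or a syntactically valid DNS name. */
function is_valid_host(string $host): bool
{
    if ($host === '' || strlen($host) > 253) {
        return false;
    }
    if (filter_var($host, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4) !== false) {
        return true;
    }
    // Each label: alphanumeric at both ends, hyphens only inside, max 63 chars.
    $label = '[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?';
    return preg_match('/^' . $label . '(?:\.' . $label . ')*\z/', $host) === 1;
}

/** Hypothetical helper: HEAD probe that never echoes PHP's own error text. */
function head_probe(string $host, int $port = 80): string
{
    if (!is_valid_host($host)) {
        return 'Invalid host name.';
    }
    $errno = 0;
    $errstr = '';
    // '@' suppresses the warning that carried the script path; the failure is
    // still available in $errno/$errstr and is logged server-side only.
    $fp = @fsockopen($host, $port, $errno, $errstr, 5.0);
    if ($fp === false) {
        error_log("head_probe: connect to {$host}:{$port} failed ({$errno}) {$errstr}");
        return 'Could not connect to the requested host.';
    }
    fwrite($fp, "HEAD / HTTP/1.0\r\nHost: {$host}\r\n\r\n");
    $response = (string) stream_get_contents($fp);
    fclose($fp);
    return $response; // caller should HTML-escape this before output
}

// Constructed inputs: the value from the reproduction is rejected before
// fsockopen() is ever called.
foreach (['-- test.com', 'example.com', '192.0.2.10'] as $candidate) {
    printf("%-12s => %s\n", $candidate, is_valid_host($candidate) ? 'accepted' : 'rejected');
}
```

Input validation and error suppression are independent controls here: with `display_errors` off, even a failure mode the validator does not anticipate stays in the server log rather than the page.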

Preconditions

  • config: The TellMe application must be installed with the Server (o_Server) and HEAD (o_Head) options enabled
  • network: Attacker must be able to send HTTP requests to the TellMe script
  • input: The q_Host parameter must be set to an invalid value (e.g., '--') to trigger the fsockopen error

Reproduction

Visit `http://[host]/net/index.php?q_IP=&q_Host=--+test.com&o_Server=on&o_Head=on`. The server will return a PHP warning containing the full path to the script, e.g., `Warning: fsockopen(): unable to connect to -- help test.com:80 in /home/httpd/vhosts/[VHOSTUSER]/httpdocs/net/index.php on line 246` [ref_id=1].

Generated on Jun 17, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
