header-logo
Suggest Exploit
vendor:
PHP-Nuke
by:
SecurityFocus
4.3
CVSS
MEDIUM
Path Disclosure
200
CWE
Product Name: PHP-Nuke
Affected Version From: PHP-Nuke 5.4
Affected Version To: PHP-Nuke 6.5
Patch Exists: YES
Related CWE: CVE-2002-1390
CPE: a:phpnuke:php-nuke
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

Multiple Path Disclosure Vulnerabilities in PHP-Nuke

Multiple path disclosure vulnerabilities have been reported in various PHP scripts used by PHP-Nuke. The issue occurs when an invalid URI parameter is passed to certain scripts. The affected scripts do not provide sufficient error handling for this circumstance and as such, may display an error page containing sensitive information path information.

Mitigation:

Ensure that all scripts are properly sanitized and that error messages do not contain sensitive information.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/7218/info
 
Multiple path disclosure vulnerabilities have been reported in various PHP scripts used by PHP-Nuke. The issue occurs when an invalid URI parameter is passed to certain scripts. The affected scripts do not provide sufficient error handling for this circumstance and as such, may display an error page containing sensitive information path information. 

http://www.target.com/modules.php?op=modload&name=Members_List&file=index&letter=All&sortby=uname1234

Navigation

Suggest Exploit

Services By CQR