Luis Fernando

Name of the Vulnerable Software and Affected Versions: PHP-Nuke versions 7.6 and earlier Description: The issue allows remote attackers to obtain sensitive information via direct requests to various PHP files, including ipban.php, db.php, and language files such as lang-norwegian.php, lang-indonesian.php, and lang-greek.php. Additionally, requests to specific modules like Web Links, survey, Reviews, and Journal with certain languages, including portuguese and indonesian, can reveal the path in an error message. Recommendations: For PHP-Nuke versions 7.6 and earlier, consider restricting access to the sensitive PHP files and modules mentioned, such as ipban.php, db.php, and language files, until a patch is available. As a temporary workaround, avoid using the language files lang-norwegian.php, lang-indonesian.php, and lang-greek.php in the Web Links, survey, Reviews, and Journal modules.