CVE-2003-1468

Name of the Vulnerable Software and Affected Versions PHP-Nuke versions 6.0 through 6.5 final

Description The issue allows remote attackers to obtain the full web server path. This is achieved by providing an invalid cid parameter that is non-numeric or null, resulting in the pathname being leaked in an error message.

Recommendations For PHP-Nuke versions 6.0 through 6.5 final, consider restricting access to the Web Links module until a fix is available, or avoid using non-numeric or null values for the cid parameter to minimize the risk of path disclosure.