CVE-2004-1528

Name of the Vulnerable Software and Affected Versions The Event Calendar module version 2.13 for PHP-Nuke

Description The issue allows remote attackers to gain sensitive information via an HTTP request to specific API endpoints, such as "config.php", "index.php", or "submit.php". These endpoints reveal the full path in an error message, potentially exposing sensitive data.

Recommendations For The Event Calendar module version 2.13, consider restricting access to the "config.php", "index.php", and "submit.php" endpoints to minimize the risk of exploitation. As a temporary workaround, avoid using these endpoints until a patch is available or apply configuration changes to prevent error messages from revealing sensitive information.