CVE-2004-1723

Name of the Vulnerable Software and Affected Versions PHP-Fusion version 4.00

Description The issue allows remote attackers to obtain sensitive information via a direct HTTP request. This is achieved through the updateuser.php and forums prune.php scripts, which reveal the installation path in an error message.

Recommendations For PHP-Fusion version 4.00, consider restricting access to the updateuser.php and forums prune.php scripts until a patch is available. As a temporary workaround, avoid using these scripts to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.