CVE-2004-1830

Name of the Vulnerable Software and Affected Versions PHP-Nuke version 6.0

Description The issue allows remote attackers to obtain sensitive information via an invalid language, newlang, or lang parameter in the error.php file of Error Manager 2.1 for PHP-Nuke. This results in the leakage of the pathname in a PHP error message.

Recommendations For PHP-Nuke version 6.0, consider restricting access to the error.php file in Error Manager 2.1 to minimize the risk of exploitation. Avoid using the parameters language, newlang, or lang with invalid values in the affected API endpoint until the issue is resolved.