CVE-2004-1912

Name of the Vulnerable Software and Affected Versions NukeCalendar version 1.1.a

Description The issue allows remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message. This is due to the modules.php, block-Calendar.php, block-Calendar1.php, and block-Calendar center.php scripts in NukeCalendar.

Recommendations For NukeCalendar version 1.1.a, consider restricting access to the vulnerable scripts until a patch is available. As a temporary workaround, avoid using invalid arguments in URLs to minimize the risk of exploitation.