PT-2005-1495 · Php · Php-Nuke

Janek Vind +1 · Published 2005-02-15 · Updated 2017-07-11 · CVE-2005-0433

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Php-Nuke version 7.5

Description

The issue allows remote attackers to determine the full path of the web server via invalid or missing arguments to certain PHP files, including "db.php", "mainfile.php", "Downloads/index.php", or "Web Links/index.php". This is possible because the PHP error message lists the path when such invalid or missing arguments are provided.

Recommendations

For Php-Nuke version 7.5, consider restricting access to the affected PHP files, such as "db.php", "mainfile.php", "Downloads/index.php", and "Web Links/index.php", to prevent remote attackers from determining the full path of the web server. Additionally, as a temporary workaround, consider disabling the display of PHP error messages to minimize the risk of path disclosure.
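
A check for confirming that the workaround above took effect, as an added example that is not part of the original advisory: it scans saved HTTP response bodies for PHP error messages that expose an absolute server path. The function names, the sample bodies and the `/srv/www/example` paths are constructed for illustration.

```python
import re

# PHP's displayed-error format, with or without HTML markup:
#   <b>Warning</b>:  message in <b>/abs/path/file.php</b> on line <b>12</b>
PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice)(?:</b>)?:\s+"
    r"[^\r\n]*?\s+in\s+(?:<b>)?"
    r"(?P<path>(?:/|[A-Za-z]:[\\/])[^<\r\n]*?)(?:</b>)?"
    r"\s+on\s+line\s+(?:<b>)?(?P<line>\d+)",
    re.IGNORECASE,
)


def find_path_disclosures(body):
    """Return (level, path, line) for each PHP error exposing an absolute path."""
    return [
        (m.group("level"), m.group("path"), int(m.group("line")))
        for m in PHP_ERROR.finditer(body)
    ]


def audit(responses):
    """Map each checked file to the server paths its response leaked."""
    findings = {}
    for name, body in responses.items():
        leaks = sorted({path for _, path, _ in find_path_disclosures(body)})
        if leaks:
            findings[name] = leaks
    return findings


# Constructed response bodies, keyed by the files named in the advisory.
SAMPLE_RESPONSES = {
    "db.php": "<br />\n<b>Fatal error</b>:  constructed message in "
              "<b>/srv/www/example/db.php</b> on line <b>12</b><br />",
    "Web Links/index.php": "Warning: constructed message in "
                           "/srv/www/example/Web Links/index.php on line 7",
    "mainfile.php": "<html><body>Access denied</body></html>",
}

if __name__ == "__main__":
    for name, leaks in audit(SAMPLE_RESPONSES).items():
        print(f"{name}: path disclosed -> {', '.join(leaks)}")
```

An empty result from `audit` over responses collected from your own installation indicates that errors are no longer rendered to clients.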

Related identifiers

CVE-2005-0433

Affected products

Php-Nuke