CVE-2005-1001

Name of the Vulnerable Software and Affected Versions PHP-Nuke version 7.6

Description The issue allows remote attackers to obtain sensitive information. This can be achieved via direct requests to the Surveys module with the file parameter set to comments or to 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message.

Recommendations For PHP-Nuke version 7.6, consider restricting access to the Surveys module and the 3D-Fantasy/theme.php file to minimize the risk of exploitation. Avoid using the file parameter in the Surveys module until the issue is resolved.