PT-2005-2047 · Php · Php-Nuke
Sp3X · Published 2005-04-09 · Updated 2017-07-11 · CVE-2005-1024
CVSS v2.0: 5.0 (Medium), Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
PHP-Nuke versions 6.x through 7.6
Description
The issue allows remote attackers to obtain sensitive information via a direct request to certain modules, which reveals the path in a PHP error message. Specifically, this can be done through requests to (1) "my headlines", (2) "userinfo", or (3) "search".
Recommendations
For PHP-Nuke versions 6.x through 7.6, consider restricting access to the "modules.php" file to prevent direct requests to sensitive modules like "my headlines", "userinfo", and "search" until a proper fix is applied. As a temporary workaround, disabling the display of PHP error messages can help minimize the risk of information disclosure.
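To confirm that the error-display workaround is effective, response bodies from your own site can be checked for PHP error lines that carry an absolute filesystem path. The following is an added example, not part of the original advisory or of PHP-Nuke; the function names, sample bodies and paths are constructed for illustration.

```python
import html
import re

# PHP's standard error line once markup is stripped:
#   "<Level>: <message> in <absolute path> on line <N>"
PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated)"
    r":\s+(?P<message>.*?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:[\\/])\S+?)"   # Unix or Windows absolute path
    r"\s+on line\s+(?P<line>\d+)"
)
TAG = re.compile(r"<[^>]+>")  # html_errors wraps level, path and line in <b>


def find_path_disclosures(body):
    """Return (level, path, line) for every PHP error found in a response body."""
    text = html.unescape(TAG.sub("", body))
    return [(m["level"], m["path"], int(m["line"])) for m in PHP_ERROR.finditer(text)]


def audit(responses):
    """Map each response label to its findings, omitting clean responses."""
    report = {}
    for label, body in responses.items():
        hits = find_path_disclosures(body)
        if hits:
            report[label] = hits
    return report


# Constructed sample bodies (not captured from a real site).
SAMPLES = {
    "html_errors on": "<br />\n<b>Fatal error</b>:  Call to undefined function "
                      "example_fn() in <b>/var/www/example/modules/Search/index.php</b>"
                      " on line <b>17</b><br />",
    "plain text": r"Warning: Division by zero in C:\www\example\index.php on line 42",
    "display_errors off": "<html><body>Warning: maintenance in progress "
                          "on line 3 of the schedule</body></html>",
}

if __name__ == "__main__":
    for label, hits in audit(SAMPLES).items():
        for level, path, line in hits:
            print(f"{label}: {level} discloses {path} (line {line})")
```

The third sample shows that ordinary page text containing "Warning:" and "on line" is not flagged, because no absolute path follows " in ".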
Affected Products
Php-Nuke