CVE-2004-1818

Name of the Vulnerable Software and Affected Versions 4nalbum versions 0.92 for PHP-Nuke 6.5 through 7.0

Description The issue is related to a cross-site scripting (XSS) vulnerability. This vulnerability allows remote attackers to execute arbitrary script as other users. The exploitation occurs by injecting arbitrary script into the z parameter in the nmimage.php file.

Recommendations For 4nalbum version 0.92, consider restricting access to the nmimage.php file until a patch is available. As a temporary workaround, avoid using the z parameter in the nmimage.php file to minimize the risk of exploitation.