PT-2004-2729 · Php Nuke · Php-Nuke +1

Janek Vind +1 · Published 2004-03-18 · Updated 2017-07-11 · CVE-2004-1830

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

PHP-Nuke version 6.0

Description

The issue allows remote attackers to obtain sensitive information via an invalid language, newlang, or lang parameter in the error.php file of Error Manager 2.1 for PHP-Nuke. This results in the leakage of the pathname in a PHP error message.

Recommendations

For PHP-Nuke version 6.0, consider restricting access to the error.php file in Error Manager 2.1 to minimize the risk of exploitation. Avoid using the parameters language, newlang, or lang with invalid values in the affected API endpoint until the issue is resolved.


Related Identifiers

CVE-2004-1830

Affected Products

Error Manager
Php-Nuke