CVE-2004-1956

Name of the Vulnerable Software and Affected Versions PostNuke version 0.7.2.6

Description The issue allows remote attackers to gain information via a direct HTTP request to specific files and directories, which reveals the path to the web server in a PHP error message. The affected directories and modules include includes/blocks, pnadodb, NS-NewUser, NS-Your Account, NS-LostPassword, and NS-User.

Recommendations For PostNuke version 0.7.2.6, restrict access to the includes/blocks, pnadodb, NS-NewUser, NS-Your Account, NS-LostPassword, and NS-User modules to minimize the risk of exploitation. Consider implementing proper error handling to prevent the disclosure of sensitive information, such as the web server path.