PT-2004-2905 · Nukejokes · Nukejokes

Published 2004-05-08 · Updated 2017-07-11 · CVE-2004-2009

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions

NukeJokes versions 1.7 through 2 Beta

Description

The issue allows remote attackers to obtain the full path of the server. This can be achieved through a direct call to "mainfunctions.php", an invalid jokeid parameter in the JokeView function, or an invalid cat parameter in the CatView function. In each case, the path is revealed in a PHP error message.

Recommendations

For NukeJokes versions 1.7 through 2 Beta, consider restricting access to "mainfunctions.php" and validating the jokeid and cat parameters in the JokeView and CatView functions, respectively, to prevent the disclosure of the server path.
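
One way to apply these recommendations, as an added example that is not NukeJokes code: a direct-access guard for "mainfunctions.php" plus integer validation for jokeid (cat in CatView would be handled the same way). The constant NUKEJOKES_ENTRY, the helpers int_param() and not_found(), the JokeView signature and the sample data are assumptions made for illustration.

```php
<?php
// Added example, not NukeJokes code. NUKEJOKES_ENTRY, int_param(),
// not_found() and the $jokes array are hypothetical; the real signatures
// of JokeView/CatView are not shown on the page.

// Keep PHP diagnostics (which carry absolute paths) out of responses.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

// Entry script (assumed): marks that the request came through the front door.
define('NUKEJOKES_ENTRY', true);

// Top of mainfunctions.php: refuse direct requests before any code that
// depends on the including script can run and fail.
if (!defined('NUKEJOKES_ENTRY')) {
    http_response_code(403);
    exit('Access denied');
}

// Returns a positive integer, or null for missing, non-numeric, negative,
// overflowing or array-valued input (e.g. ?jokeid[]=1).
function int_param(array $query, string $name): ?int
{
    $value = filter_var($query[$name] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

function not_found(): string
{
    http_response_code(404);
    return 'Not found';   // fixed text: no path, no echo of the input
}

function JokeView(array $query, array $jokes): string
{
    $jokeid = int_param($query, 'jokeid');
    // An invalid id and an unknown id take the same generic path.
    if ($jokeid === null || !isset($jokes[$jokeid])) {
        return not_found();
    }
    return htmlspecialchars($jokes[$jokeid], ENT_QUOTES, 'UTF-8');
}

// Constructed sample data and requests.
$jokes = [1 => 'Constructed sample joke'];
$requests = [['jokeid' => '1'], ['jokeid' => 'x'], ['jokeid' => ['1']], []];
$out = array_map(fn($q) => JokeView($q, $jokes), $requests);
echo implode(PHP_EOL, $out), PHP_EOL;
```

Only the first constructed request returns the joke; the other three return the same fixed "Not found" text, so a malformed parameter never reaches code that could raise a PHP error.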

Fix


Related identifiers

CVE-2004-2009

Affected products

Nukejokes