PT-2004-3256 · Phpx · Phpx

Published: 2004-12-31 · Updated: 2024-02-14 · CVE-2004-2362

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: PHPX versions 3.2.6 and earlier
Description: The issue allows remote attackers to obtain the physical path of PHPX by providing a null or invalid value in the limit parameter. This results in the pathname being leaked in a database error message. An example of this can be seen in the forums.php file.
Recommendations: For PHPX versions 3.2.6 and earlier, consider validating and sanitizing the limit parameter to prevent the injection of null or invalid values, which could mitigate the risk of pathname leakage. Additionally, as a temporary workaround, restrict access to the forums.php file to minimize the risk of exploitation.

Related Identifiers: CVE-2004-2362

Affected Products: Phpx