PT-2005-2024 · Php Nuke · Php-Nuke

Published

2005-04-07

Updated

2017-07-11

CVE-2005-1001

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions PHP-Nuke version 7.6

Description The issue allows remote attackers to obtain sensitive information. This can be achieved via direct requests to the Surveys module with the file parameter set to comments or to 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message.

Recommendations For PHP-Nuke version 7.6, consider restricting access to the Surveys module and the 3D-Fantasy/theme.php file to minimize the risk of exploitation. Avoid using the file parameter in the Surveys module until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2005-1001

Affected Products

Php-Nuke

PT-2005-2024 · Php Nuke · Php-Nuke

CVE-2005-1001

Related Identifiers

Affected Products

References · 4