CVE-2005-1028

Name of the Vulnerable Software and Affected Versions PHP-Nuke versions 6.x through 7.6

Description The issue allows remote attackers to obtain sensitive information via a direct request to certain modules, which reveals the path in a PHP error message. This can be achieved by accessing (1) index.php with the forum admin parameter set, (2) the Surveys module, or (3) the Your Account module.

Recommendations For PHP-Nuke versions 6.x through 7.6, consider restricting access to the Surveys and Your Account modules, and avoid using the forum admin parameter in index.php until a fix is available. As a temporary workaround, restrict direct requests to these modules to minimize the risk of exploitation.