Published: 31/12/2003 Updated: 29/07/2017

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 435

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

The Web_Links module in PHP-Nuke 6.0 up to and including 6.5 final allows remote malicious users to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.

Vulnerable Product	Search on Vulmon	Subscribe to Product
francisco burzi php-nuke 6.0
francisco burzi php-nuke 6.5
francisco burzi php-nuke 6.5_beta1
francisco burzi php-nuke 6.5_final
francisco burzi php-nuke 6.5_rc1
francisco burzi php-nuke 6.5_rc2
francisco burzi php-nuke 6.5_rc3

source: wwwsecurityfocuscom/bid/7589/info The Web_Links module for PHP-Nuke has been reported prone to a vulnerability which, when exploited, may disclose sensitive path information to a remote attacker An attacker may use the information gathered in this manner to mount further attacks against the host It should be noted that althoug ...

CWE-200 http://www.securityfocus.com/archive/1/321313 http://www.securityfocus.com/bid/7589 https://exchange.xforce.ibmcloud.com/vulnerabilities/12436 https://nvd.nist.gov https://www.exploit-db.com/exploits/22598/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2003-1468

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect