Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-0483 — Burzi Php-nuke vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.1%

top 70.87%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Francisco Burzi Php-nuke

Timeline

PublishedAug 12

Latest updateApr 30

Description

index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDfrancisco_burzi/php-nuke7 versions+6

🔴Vulnerability Details

GHSA

GHSA-gwgg-xf2c-hh99: index↗2022-04-30

▶

CVEList

CVE-2002-0483: index↗2002-06-11

▶

💥Exploits & PoCs

Exploit-DB

PHP-Nuke 5.x - Error Message Web Root Disclosure↗2002-03-21

▶