Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1468Sensitive Information Exposure in Burzi Php-nuke

CWE-200Sensitive Information Exposure5 documents4 sources
Severity
4.3MEDIUMNVD
EPSS
0.1%
top 84.03%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Francisco Burzi Php-nuke
Timeline
PublishedDec 31
Latest updateApr 29

Description

The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.

CVSS vector

AV:N/AC:M/C:P/I:N/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages1 packages

NVDfrancisco_burzi/php-nuke7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-6qhf-x255-q8qf: The Web_Links module in PHP-Nuke 62022-04-29
CVEList
CVE-2003-1468: The Web_Links module in PHP-Nuke 62007-10-24

💥Exploits & PoCs

2
Exploit-DB
PHP-Nuke 6.0/6.5 Web_Links Module - Full Path Disclosure2003-05-13
Exploit-DB
IBM AIX 4.3.x/5.1 - 'ERRPT' Local Buffer Overflow2003-04-16
CVE-2003-1468 — Sensitive Information Exposure | cvebase