CVE-2003-1526 — Sensitive Information Exposure in Burzi Php-nuke

CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.0%

top 98.07%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Francisco Burzi Php-nuke

Timeline

PublishedDec 31

Latest updateApr 29

Description

PHP-Nuke 7.0 allows remote attackers to obtain the installation path via certain characters such as (1) ", (2) ', or (3) > in the search field, which reveals the path in an error message.

CVSS vector

AV:N/AC:L/C:N/I:P/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDfrancisco_burzi/php-nuke7.0

🔴Vulnerability Details

GHSA

GHSA-jxw3-88g9-fx95: PHP-Nuke 7↗2022-04-29

▶

CVEList

CVE-2003-1526: PHP-Nuke 7↗2007-10-25

▶