Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1830 — Burzi Php-nuke vulnerability

4 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.1%

top 84.21%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Francisco Burzi Php-nuke

Timeline

PublishedMar 18

Latest updateApr 29

Description

error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDfrancisco_burzi/php-nuke6.0

🔴Vulnerability Details

GHSA

GHSA-cjmf-rwpm-q3h6: error↗2022-04-29

▶

CVEList

CVE-2004-1830: error↗2005-05-10

▶

💥Exploits & PoCs

Exploit-DB

PHP-Nuke Error Manager Module 2.1 - 'error.php?language' Full Path Disclosure↗2004-03-18

▶