CVE-2004-1912
published 2004-12-31CVE-2004-1912: The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow…
PriorityP414medium5CVSS 2.0
AVNACLAuNCPINAN
EXPLOIT
EPSS
3.51%
87.7th percentile
The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| francisco_burzi | php-nuke | — | — |
| shiba-design | nukecalendar | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
NukeCalendar 1.1.a - 'block-Calendar1.php' Full Path Disclosure
exploitdb·2004-04-08
CVE-2004-1912 NukeCalendar 1.1.a - 'block-Calendar1.php' Full Path Disclosure
NukeCalendar 1.1.a - 'block-Calendar1.php' Full Path Disclosure
---
source: https://www.securityfocus.com/bid/10082/info
NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities.
These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences include disclosure of sensitive information and account/bulletin board compromise. Attacks against the database implementation itself are also possible through SQL injection.
http://www.example.com/nuke71/blocks/block-Calendar1.php
Exploit-DB
NukeCalendar 1.1.a - 'block-Calendar_center.php' Full Path Disclosure
exploitdb·2004-04-08
CVE-2004-1912 NukeCalendar 1.1.a - 'block-Calendar_center.php' Full Path Disclosure
NukeCalendar 1.1.a - 'block-Calendar_center.php' Full Path Disclosure
---
source: https://www.securityfocus.com/bid/10082/info
NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities.
These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences include disclosure of sensitive information and account/bulletin board compromise. Attacks against the database implementation itself are also possible through SQL injection.
http://www.example.com/nuke71/blocks/block-Calendar_center.php
Exploit-DB
NukeCalendar 1.1.a - 'block-calendar.php' Full Path Disclosure
exploitdb·2004-04-08
CVE-2004-1912 NukeCalendar 1.1.a - 'block-calendar.php' Full Path Disclosure
NukeCalendar 1.1.a - 'block-calendar.php' Full Path Disclosure
---
source: https://www.securityfocus.com/bid/10082/info
NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities.
These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences include disclosure of sensitive information and account/bulletin board compromise. Attacks against the database implementation itself are also possible through SQL injection.
http://www.example.com/nuke71/blocks/block-Calendar.php
Exploit-DB
NukeCalendar 1.1.a - 'modules.php' Full Path Disclosure
exploitdb·2004-04-08
CVE-2004-1912 NukeCalendar 1.1.a - 'modules.php' Full Path Disclosure
NukeCalendar 1.1.a - 'modules.php' Full Path Disclosure
---
source: https://www.securityfocus.com/bid/10082/info
NukeCalendar, which is a third-party calendar module for PHP-Nuke, is prone to multiple vulnerabilities.
These issues include path disclosure, SQL injection and cross-site scripting. Possible consequences include disclosure of sensitive information and account/bulletin board compromise. Attacks against the database implementation itself are also possible through SQL injection.
http://www.example.com/nuke71/modules.php?op=modload&name=Kalender&file=index&type=view&eid=foobar
No writeups or analysis indexed.
2004-12-31
Published