Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-1912 — Burzi Php-nuke vulnerability

7 documents4 sources

Severity

5.0MEDIUMNVD

EPSS

0.0%

top 88.69%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Francisco Burzi Php-nuke Shiba-design Nukecalendar

Timeline

PublishedDec 31

Latest updateApr 29

Description

The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDshiba-design/nukecalendar1.1.a

▶NVDfrancisco_burzi/php-nuke8.0_final

🔴Vulnerability Details

GHSA

GHSA-m9hc-vpmc-234m: The (1) modules↗2022-04-29

▶

CVEList

CVE-2004-1912: The (1) modules↗2005-05-10

▶

💥Exploits & PoCs

Exploit-DB

NukeCalendar 1.1.a - 'block-Calendar1.php' Full Path Disclosure↗2004-04-08

▶

Exploit-DB

NukeCalendar 1.1.a - 'block-Calendar_center.php' Full Path Disclosure↗2004-04-08

▶

Exploit-DB

NukeCalendar 1.1.a - 'block-calendar.php' Full Path Disclosure↗2004-04-08

▶

Exploit-DB

NukeCalendar 1.1.a - 'modules.php' Full Path Disclosure↗2004-04-08

▶