CVE-2004-2019 — Burzi Php-nuke vulnerability

6 documents6 sources

Severity

5.0MEDIUMNVD

EPSS

0.0%

top 92.43%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Francisco Burzi Php-nuke

Timeline

PublishedDec 31

Latest updateApr 29

Description

The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attackers to obtain sensitive information via an invalid show parameter, which displays the full path in a PHP error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDfrancisco_burzi/php-nuke15 versions+14

🔴Vulnerability Details

GHSA

GHSA-x22v-5fx6-wj7x: The WebLinks module in Php-Nuke 6↗2022-04-29

▶

CVEList

CVE-2004-2019: The WebLinks module in Php-Nuke 6↗2005-05-10

▶

💥Exploits & PoCs

Exploit-DB

ABC2MTEX 1.6.1 - Command Line Stack Overflow↗2019-08-14

▶

🕵️Threat Intelligence

Unit42

Threat Brief: Microsoft DNS Server Wormable Vulnerability CVE-2020-1350↗2020-07-21

▶

💬Community

Bugzilla

CVE-2019-10185 icedtea-web: directory traversal in the nested jar auto-extraction leading to arbitrary file overwrite↗2019-06-28

▶