CVE-2005-1001 — Burzi Php-nuke vulnerability

3 documents3 sources

Severity

5.0MEDIUMNVD

EPSS

0.0%

top 95.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Francisco Burzi Php-nuke

Timeline

PublishedMay 2

Latest updateMay 1

Description

PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDfrancisco_burzi/php-nuke7.6

Patches

Patch: archives.neohapsis.com ↗Patch: archives.neohapsis.com ↗

🔴Vulnerability Details

GHSA

GHSA-h6pq-6f5r-pv22: PHP-Nuke 7↗2022-05-01

▶

CVEList

CVE-2005-1001: PHP-Nuke 7↗2005-04-07

▶