Description modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message.
CVSS vector AV:N/AC:L/C:P/I:N/A:N Exploitability: 10.0 | Impact: 2.9 Complexity: Low
Integrity: None
Availability: None
Affected Packages1 packages
🔴 Vulnerability Details2 GHSA GHSA-9v3f-9r8j-jvcj: modules ↗ 2022-05-01 ▶ CVEList CVE-2005-1024: modules ↗ 2005-04-09 ▶
💥 Exploits & PoCs8 Exploit-DB TYPSoft FTP Server 1.10 - 'RETR' Denial of Service (2) ↗ 2010-12-29 ▶ Exploit-DB WinRAR 3.30 - 'Filename' Local Buffer Overflow (1) ↗ 2006-01-04 ▶ Exploit-DB Snort 2.4.2 - Back Orifice Parsing Remote Buffer Overflow ↗ 2005-10-25 ▶ Exploit-DB Crob FTP Server 3.6.1 - Remote Stack Overflow ↗ 2005-06-03 ▶ Exploit-DB Snmppd - SNMP Proxy Daemon Remote Format String ↗ 2005-04-29 ▶ Show 3 more
💬 Community3 Bugzilla CVE-2005-0400 ext2 mkdir() directory entry random kernel memory leak ↗ 2005-03-29 ▶ Bugzilla CVE-2005-0400 ext2 mkdir() directory entry random kernel memory leak ↗ 2005-03-29 ▶ Bugzilla CVE-2005-0400 ext2 mkdir() directory entry random kernel memory leak (ipf) ↗ 2005-03-29 ▶