Search...

PHP-Nuke Web_Links Module voteinclude.php Path Disclosure

2004-06-23T00:00:00

ID OSVDB:7223
Type osvdb
Reporter Janek Vind "waraxe"(come2waraxe@yahoo.com)
Modified 2004-06-23T00:00:00

Description

Vulnerability Description

PHP-Nuke contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests an invalid parameter of the voteinclude.php file in the Web Links module, which will disclose the physical path of the web server resulting in a loss of confidentiality.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Manual Testing Notes

http://[victim]/nuke73/modules/Web_Links/voteinclude.php

References:

JSON Vulners Source

Initial Source

{"edition": 1, "title": "PHP-Nuke Web_Links Module voteinclude.php Path Disclosure", "bulletinFamily": "software", "published": "2004-06-23T00:00:00", "lastseen": "2017-04-28T13:20:02", "modified": "2004-06-23T00:00:00", "reporter": "Janek Vind \"waraxe\"(come2waraxe@yahoo.com)", "viewCount": 0, "href": "https://vulners.com/osvdb/OSVDB:7223", "description": "## Vulnerability Description\nPHP-Nuke contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests an invalid parameter of the voteinclude.php file in the Web Links module, which will disclose the physical path of the web server resulting in a loss of confidentiality.\n## Solution Description\nCurrently, there are no known upgrades, patches, or workarounds available to correct this issue.\n## Short Description\nPHP-Nuke contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests an invalid parameter of the voteinclude.php file in the Web Links module, which will disclose the physical path of the web server resulting in a loss of confidentiality.\n## Manual Testing Notes\nhttp://[victim]/nuke73/modules/Web_Links/voteinclude.php\n## References:\nVendor URL: http://phpnuke.org\n[Secunia Advisory ID:11920](https://secuniaresearch.flexerasoftware.com/advisories/11920/)\n[Related OSVDB ID: 7224](https://vulners.com/osvdb/OSVDB:7224)\n[Related OSVDB ID: 7226](https://vulners.com/osvdb/OSVDB:7226)\n[Related OSVDB ID: 7229](https://vulners.com/osvdb/OSVDB:7229)\n[Related OSVDB ID: 7234](https://vulners.com/osvdb/OSVDB:7234)\n[Related OSVDB ID: 7227](https://vulners.com/osvdb/OSVDB:7227)\n[Related OSVDB ID: 7230](https://vulners.com/osvdb/OSVDB:7230)\n[Related OSVDB ID: 7232](https://vulners.com/osvdb/OSVDB:7232)\n[Related OSVDB ID: 7233](https://vulners.com/osvdb/OSVDB:7233)\n[Related OSVDB ID: 7235](https://vulners.com/osvdb/OSVDB:7235)\n[Related OSVDB ID: 7236](https://vulners.com/osvdb/OSVDB:7236)\n[Related OSVDB ID: 7225](https://vulners.com/osvdb/OSVDB:7225)\n[Related OSVDB ID: 7228](https://vulners.com/osvdb/OSVDB:7228)\n[Related OSVDB ID: 7231](https://vulners.com/osvdb/OSVDB:7231)\nOther Advisory URL: http://www.waraxe.us/?modname=sa&id=033\nMail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-06/0739.html\n", "affectedSoftware": [{"name": "PHP-Nuke", "version": "7.3", "operator": "eq"}], "type": "osvdb", "references": [], "enchantments": {"score": {"value": -0.2, "vector": "NONE", "modified": "2017-04-28T13:20:02", "rev": 2}, "dependencies": {"references": [], "modified": "2017-04-28T13:20:02", "rev": 2}, "vulnersScore": -0.2}, "cvss": {"vector": "NONE", "score": 0.0}, "cvelist": [], "id": "OSVDB:7223", "immutableFields": []}