Info

Disclosure

Apr 29, 2005

Discovery

Apr 26, 2005

Dates

Exploit

Apr 29, 2005

Solution

Unknown

Description

PHP-Nuke contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker specifies the Portugese language in the Reviews, Web_Links or Journal module. The module's call to lang-portugese.php fails which will disclose the physical installation path resulting in a loss of confidentiality.

Classification

Location: Remote/Network Access Required
Attack Type: Information Disclosure
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Francisco Burzi

PHP-Nuke

7.6

References

Related OSVDB ID: 16363 16364 16365 16366 16367
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-04/0504.html
CVE ID: 2005-1386 (see also: NVD)
Vendor URL: http://phpnuke.org

Credit

project-restart - project-restart

Direct URL: http://osvdb.org/36218