← Back

CVE-2003-1468

nvd nist
Published: Dec 31, 2003Modified: Apr 16, 2026

JSON object

Loading...
4.3
Vector
AV:N/AC:M/Au:N/C:P/I:N/A:N
Exploitability: 8.6 / Impact: 2.9
Source: NVD

Description

The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.

Affected (7)

Francisco Burzi
1 product
Php Nuke
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Francisco Burzi
Php Nuke
Version 6.0
Php Nuke
Version 6.5
Php Nuke
Version 6.5_beta1
Php Nuke
Version 6.5_final
Php Nuke
Version 6.5_rc1
Php Nuke
Version 6.5_rc2
Php Nuke
Version 6.5_rc3

Related CWEs

CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Exploit
Source: cve@mitre.org
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108
Exploit
Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.