Back to search
CVE-2004-1956
Published: May 10, 2005
Modified: Aug 8, 2024
PUBLISHED
Description
PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
10191
vdb-entry
x_refsource_BID
http://www.waraxe.us/index.php?modname=sa&id=22
x_refsource_MISC
postnuke-scripts-modules-path-disclosure(15933)
vdb-entry
x_refsource_XF
20040421 [waraxe-2004-SA#022 - Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2]
mailing-list
x_refsource_BUGTRAQ
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now