CVE-2002-0483

index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.

Published: Aug 12, 2002
Updated: Apr 13, 2023
CVE: CVE-2002-0483
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
francisco_burzi / php-nuke	5.3.1	5.3.1.x
francisco_burzi / php-nuke	5.1	5.1.x
francisco_burzi / php-nuke	5.0	5.0.x
francisco_burzi / php-nuke	5.4	5.4.x
francisco_burzi / php-nuke	5.2a	5.2a.x
francisco_burzi / php-nuke	5.0.1	5.0.1.x
francisco_burzi / php-nuke	5.2	5.2.x

http://online.securityfocus.com/archive/1/263337
http://www.iss.net/security_center/static/8618.php
http://www.securityfocus.com/bid/4333

Vulnerability Database

289,697

CVE-2002-0483