CVE-2005-0433

Php-Nuke 7.5 allows remote attackers to determine the full path of the web server via invalid or missing arguments to (1) db.php, (2) mainfile.php, (3) Downloads/index.php, or (4) Web_Links/index.php, which lists the path in a PHP error message.

Published: Feb 15, 2005
Updated: Apr 13, 2023
CVE: CVE-2005-0433
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
francisco_burzi / php-nuke	6.5_beta1	6.5_beta1.x
francisco_burzi / php-nuke	6.5	6.5.x
francisco_burzi / php-nuke	7.0	7.0.x
francisco_burzi / php-nuke	7.2	7.2.x
francisco_burzi / php-nuke	7.0_final	7.0_final.x
francisco_burzi / php-nuke	6.5_rc2	6.5_rc2.x
francisco_burzi / php-nuke	7.3	7.3.x
francisco_burzi / php-nuke	6.5_rc3	6.5_rc3.x
francisco_burzi / php-nuke	7.6	7.6.x
francisco_burzi / php-nuke	6.0	6.0.x
francisco_burzi / php-nuke	6.5_final	6.5_final.x
francisco_burzi / php-nuke	6.7	6.7.x
francisco_burzi / php-nuke	6.6	6.6.x
francisco_burzi / php-nuke	6.9	6.9.x
francisco_burzi / php-nuke	7.1	7.1.x
francisco_burzi / php-nuke	6.5_rc1	6.5_rc1.x

Vulnerability Database

289,689

CVE-2005-0433