PHP-Nuke Path Disclosure Vulnerability
Date: Wednesday, October 22 @ 09:13:31 CEST
Topic: Security


SOFTWARE:
PHP-Nuke 7.x DESCRIPTION:
A vulnerability has been reported in PHP-Nuke allowing malicious people to see the installation path. The problem is that the search module can't handle certain characters such as """, ">" and "'". This causes PHP-Nuke to return an error message that discloses the installation path. The vulnerability has been reported in version 7. SOLUTION:
Configure PHP so that error messages aren't returned to the user. http://www.secunia.com/advisories/10040/







This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=859