← back
CVE-2004-1912

CVE-2004-1912

EPSS 3.5%
The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message.
Affected products
n/a · n/a
public PoCs found4
exploitdbwww.exploit-db.com/exploits/23929unverifiedexploitdbwww.exploit-db.com/exploits/23930unverifiedexploitdbwww.exploit-db.com/exploits/23931unverifiedexploitdbwww.exploit-db.com/exploits/23928unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://marc.info/?l=bugtraq&m=108144168932458&w=2https://exchange.xforce.ibmcloud.com/vulnerabilities/15795http://www.securityfocus.com/bid/10082