9 lines
No EOL
527 B
Text
9 lines
No EOL
527 B
Text
source: http://www.securityfocus.com/bid/4333/info
|
|
|
|
PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site.
|
|
|
|
A vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a maliciously constructed HTTP request will cause the index.php script to return an error message which includes the full path of the script.
|
|
|
|
It has been suggested that this is the result of an insecure server configuration.
|
|
|
|
http://www.site.com/index.php?file=index.php |