PHP-Nuke Path Disclosure Vulnerability
Date: Wednesday, October 22 @ 09:13:31 CEST Topic: Security
SOFTWARE:
PHP-Nuke 7.x
DESCRIPTION:
A vulnerability has been reported in PHP-Nuke allowing malicious people to see the installation path.
The problem is that the search module can't handle certain characters
such as """, ">" and "'". This causes PHP-Nuke to return an error
message that discloses the installation path.
The vulnerability has been reported in version 7.
SOLUTION:
Configure PHP so that error messages aren't returned to the user.
http://www.secunia.com/advisories/10040/
|
|