Path Disclosure Vulnerability in PHP-Nuke Web_Links Module

CVE-2003-1468 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:N/A:N

The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message.

Learn more about our Web App Pen Testing.