Sensitive Information Disclosure in PHP-Nuke Reviews Module

Sensitive Information Disclosure in PHP-Nuke Reviews Module

CVE-2004-2296 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message.

Learn more about our Web Application Penetration Testing UK.