PHP Nuke Error Message Web Root Disclosure Vulnerability

PHP-Nuke is a popular web based Portal system. It allows users to create accounts and contribute content to the site.

A vulnerability has been reported in some versions of PHP-Nuke. Reportedly, a maliciously constructed HTTP request will cause the index.php script to return an error message which includes the full path of the script.

It has been suggested that this is the result of an insecure server configuration.


Privacy Statement
Copyright 2010, SecurityFocus