Vulnerabilities > CVE-2004-1912 - Multiple vulnerability in NukeCalendar
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the full path in an error message.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 | |
| Application | 1 |
Exploit-Db
description NukeCalendar 1.1 .a block-Calendar.php Path Disclosure. CVE-2004-1912 . Webapps exploit for php platform id EDB-ID:23929 last seen 2016-02-02 modified 2004-04-08 published 2004-04-08 reporter Janek Vind source https://www.exploit-db.com/download/23929/ title NukeCalendar 1.1.a - block-Calendar.php Path Disclosure description NukeCalendar 1.1 .a block-Calendar1.php Path Disclosure. CVE-2004-1912. Webapps exploit for php platform id EDB-ID:23930 last seen 2016-02-02 modified 2004-04-08 published 2004-04-08 reporter Janek Vind source https://www.exploit-db.com/download/23930/ title NukeCalendar 1.1.a - block-Calendar1.php Path Disclosure description NukeCalendar 1.1 .a block-Calendar_center.php Path Disclosure. CVE-2004-1912. Webapps exploit for php platform id EDB-ID:23931 last seen 2016-02-02 modified 2004-04-08 published 2004-04-08 reporter Janek Vind source https://www.exploit-db.com/download/23931/ title NukeCalendar 1.1.a - block-Calendar_center.php Path Disclosure description NukeCalendar 1.1 .a modules.php Path Disclosure. CVE-2004-1912. Webapps exploit for php platform id EDB-ID:23928 last seen 2016-02-02 modified 2004-04-08 published 2004-04-08 reporter Janek Vind source https://www.exploit-db.com/download/23928/ title NukeCalendar 1.1.a - modules.php Path Disclosure