Vulnerabilities > CVE-2004-1956 - Cross-Site Scripting And Path Disclosure vulnerability in Postnuke Software Foundation Postnuke 0.726

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
postnuke-software-foundation

Summary

PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message.

Vulnerable Configurations

Part Description Count
Application
Postnuke_Software_Foundation
1