Vulnerabilities > CVE-2004-1956 - Cross-Site Scripting And Path Disclosure vulnerability in Postnuke Software Foundation Postnuke 0.726
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
PostNuke 0.7.2.6 allows remote attackers to gain information via a direct HTTP request to files in the (1) includes/blocks directory, (2) pnadodb directory, (3) NS-NewUser module, (4) NS-Your_Account, (5) NS-LostPassword module, or (6) NS-User module which reveals the path to the web server in a PHP error message.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |