Vulnerabilities > Francisco Burzi > PHP Nuke > 6.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2004-03-22 | CVE-2004-1839 | Remote Path Disclosure vulnerability in PHP-Nuke MS-Analysis Module MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain sensitive information via a direct request to (1) browsers.php, (2) mstrack.php, or (3) title.php, which reveal the full path in a PHP error message. | 5.0 |
| 2003-12-31 | CVE-2003-1547 | Cross-Site Scripting vulnerability in Francisco Burzi PHP-Nuke Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote attackers to inject arbitrary web script or HTML via the subject parameter. | 4.3 |
| 2003-12-31 | CVE-2003-1468 | Information Exposure vulnerability in Francisco Burzi PHP-Nuke The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote attackers to obtain the full web server path via an invalid cid parameter that is non-numeric or null, which leaks the pathname in an error message. | 4.3 |