Vulnerability Details CVE-2004-2296
The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7.3, when running on Windows systems, allows remote attackers to obtain sensitive information via an invalid date parameter, which generates an error message.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 8.4%
CVSS Severity
CVSS v2 Score 5.0
References
- http://secunia.com/advisories/11852
- http://www.osvdb.org/7001
- http://www.securityfocus.com/archive/1/365865
- http://www.securityfocus.com/bid/10524
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16408
- http://secunia.com/advisories/11852
- http://www.osvdb.org/7001
- http://www.securityfocus.com/archive/1/365865
- http://www.securityfocus.com/bid/10524
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16408
Products affected by CVE-2004-2296
-
cpe:2.3:a:francisco_burzi:php-nuke:6.0
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5_beta1
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5_final
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc1
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc2
-
cpe:2.3:a:francisco_burzi:php-nuke:6.5_rc3
-
cpe:2.3:a:francisco_burzi:php-nuke:6.6
-
cpe:2.3:a:francisco_burzi:php-nuke:6.7
-
cpe:2.3:a:francisco_burzi:php-nuke:6.9
-
cpe:2.3:a:francisco_burzi:php-nuke:7.0
-
cpe:2.3:a:francisco_burzi:php-nuke:7.0_final
-
cpe:2.3:a:francisco_burzi:php-nuke:7.1
-
cpe:2.3:a:francisco_burzi:php-nuke:7.2
-
cpe:2.3:a:francisco_burzi:php-nuke:7.3