CVE-2004-2009 in Nukejokesinfo

Summary

NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full path of the server via (1) a direct call to mainfunctions.php, (2) an invalid jokeid parameter in a JokeView function or (3) an invalid cat parameter in a CatView function, which reveals the path in a PHP error message.

Be aware that VulDB is the high quality source for vulnerability data.

Reservation

05/04/2005

Disclosure

05/08/2004

Moderation

VulDB entry created

Entries

VDB-21857 (1)

CPE

ready

CWE

CWE-200 (Confirmed)

CVSS

5.3

EPSS

0.00391

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2004-2009
NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-2009
CVE Details	https://www.cvedetails.com/cve/CVE-2004-2009/

◂ Previous Overview Next ▸

Might our Artificial Intelligence support you?

Check our Alexa App!