Summary
In PHP-Nuke, the sql_layer.php script contains a debugging feature that may be used by attackers to disclose sensitive information about all SQL queries. Access to the debugging feature is not restricted to administrators.
Solution
Add '$sql_debug = 0
' in config.php.
Severity
Classification
-
CVE CVE-2002-2032 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities
- Adobe Reader Information Disclosure Vulnerability Jun05 (Mac OS X)
- Adobe Reader Unspecified Vulnerability (Windows)
- Apple Safari 'Webkit' Information Disclosure Vulnerability (Win)
- Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability
- Adobe Reader Cross-Site Scripting & Denial of Service Vulnerabilities (Linux)