CVE-2004-2362

PHPX 3.2.6 and earlier allows remote attackers to obtain the physical path of PHPX via a null or invalid value in the limit parameter, which leaks the pathname in a database error message, as demonstrated using forums.php.

Affected Software

Name	Vendor	Start Version	End Version
Phpx	Phpx	1.0.7 (including)	1.0.7 (including)
Phpx	Phpx	1.0.10 (including)	1.0.10 (including)
Phpx	Phpx	1.0.14 (including)	1.0.14 (including)
Phpx	Phpx	2.1.0 (including)	2.1.0 (including)
Phpx	Phpx	2.2.0 (including)	2.2.0 (including)
Phpx	Phpx	2.2.1 (including)	2.2.1 (including)
Phpx	Phpx	2.2.3 (including)	2.2.3 (including)
Phpx	Phpx	2.2.4 (including)	2.2.4 (including)
Phpx	Phpx	3.0.0 (including)	3.0.0 (including)
Phpx	Phpx	3.0.1 (including)	3.0.1 (including)
Phpx	Phpx	3.0.2 (including)	3.0.2 (including)
Phpx	Phpx	3.0.3 (including)	3.0.3 (including)
Phpx	Phpx	3.0.4 (including)	3.0.4 (including)
Phpx	Phpx	3.0.5 (including)	3.0.5 (including)
Phpx	Phpx	3.0.6 (including)	3.0.6 (including)
Phpx	Phpx	3.0.7 (including)	3.0.7 (including)
Phpx	Phpx	3.1.0 (including)	3.1.0 (including)
Phpx	Phpx	3.1.1 (including)	3.1.1 (including)
Phpx	Phpx	3.1.2 (including)	3.1.2 (including)
Phpx	Phpx	3.1.3 (including)	3.1.3 (including)
Phpx	Phpx	3.1.4 (including)	3.1.4 (including)
Phpx	Phpx	3.2.0 (including)	3.2.0 (including)
Phpx	Phpx	3.2.1 (including)	3.2.1 (including)
Phpx	Phpx	3.2.2 (including)	3.2.2 (including)
Phpx	Phpx	3.2.3 (including)	3.2.3 (including)
Phpx	Phpx	3.2.4 (including)	3.2.4 (including)
Phpx	Phpx	3.2.5 (including)	3.2.5 (including)
Phpx	Phpx	3.2.6 (including)	3.2.6 (including)

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-2362
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html

Affected Software

References