CVE-2004-1830

Error Manager 2.1 - Info Disclosure

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1830. PoCs published by Janek Vind.

AI-analyzed exploit summary The provided text describes multiple vulnerabilities in Error Manager, including XSS, information disclosure, and HTML injection due to lack of input validation. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.

Description

error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attackers to obtain sensitive information via an invalid (1) language, (2) newlang, or (3) lang parameter, which leaks the pathname in a PHP error message.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Janek Vind · textwebappsphp
https://www.exploit-db.com/exploits/23844

The provided text describes multiple vulnerabilities in Error Manager, including XSS, information disclosure, and HTML injection due to lack of input validation. It includes a sample URL demonstrating the vulnerability but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Xss | Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: Error Manager (specific version not specified)
No auth needed
Prerequisites: Access to the vulnerable Error Manager instance
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15524
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/4386
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/11164
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9911
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107963064317560&w=2

Scores

EPSS 0.0279
EPSS Percentile 84.5%

Details

Status published
Products (1)
francisco_burzi/php-nuke 6.0
Published Mar 18, 2004
Tracked Since Feb 18, 2026