[Original text] blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows remote attackers to gain sensitive information via a string in the portNum parameter, which reveals the full path in an error message.
Protector System blocker_query.php portNum Variable Error Message Path Disclosure
Remote / Network Access
Loss of Confidentiality
Protector System blocker_query.php contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when error messages are enabled and a user makes an invalid portNum request to the blocker_query.php page, which discloses error information including the installed path, resulting in a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s): Disable error messages
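A check that the workaround took effect, as an added example that is not part of the original advisory: the function below scans an HTTP response body for PHP's default error-message format and reports any filesystem path it exposes. The sample bodies, the path and the message text are constructed for illustration.

```python
import html
import re

# PHP's default error output, in HTML and plain-text form:
#   <b>Warning</b>:  message in <b>/path/file.php</b> on line <b>12</b>
#   Warning: message in /path/file.php on line 12
PHP_ERROR = re.compile(
    r"(?P<level>Fatal error|Parse error|Warning|Notice|Deprecated)\s*:\s*"
    r"(?P<msg>.*?)\s+in\s+"
    r"(?P<path>(?:/|[A-Za-z]:[\\/])\S+?)\s+on\s+line\s+(?P<line>\d+)",
    re.DOTALL,
)
TAGS = re.compile(r"<[^>]+>")

# Constructed sample responses (not captured from a real installation).
SAMPLE_ERROR_BODY = (
    "<br />\n<b>Warning</b>:  constructed message in "
    "<b>/srv/www/example/blocker_query.php</b> on line <b>42</b><br />"
)
SAMPLE_CLEAN_BODY = "<html><body>Warning: check your input.</body></html>"


def find_path_disclosures(body):
    """Return one dict per PHP error message that exposes a server path."""
    # Strip markup first so the HTML and plain-text formats match alike.
    text = html.unescape(TAGS.sub("", body))
    return [
        {"level": m["level"], "path": m["path"], "line": int(m["line"])}
        for m in PHP_ERROR.finditer(text)
    ]


if __name__ == "__main__":
    for name, body in (("error", SAMPLE_ERROR_BODY), ("clean", SAMPLE_CLEAN_BODY)):
        print(name, find_path_disclosures(body))
```

An empty result for responses to malformed requests indicates that error output is no longer reaching the client.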