| VID |
21253 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The viewpage.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the file parameter. PHP-Nuke is an open-source program, created by Francisco Burzi, for creating and managing news-based Web sites. By successfully exploiting this vulnerability, a remote attacker could read arbitrary files on the affected Web server with the privileges of the HTTP daemon.
* References: http://www.securityfocus.com/archive/1/316179
* Platforms Affected: PHP-Nuke 6.5 and earlier; UNIX/Linux, any version; Windows, any version |
| Recommendation |
Upgrade to the latest version of PHP-Nuke (6.5 or later), available from the PHP-Nuke Developer's Official Web site, http://www.phpnuke.org.
-- AND --
Apply the Sec-Fix Patch 4 for PHP-Nuke 6.5, available from http://www.nukestyles.com
-- OR --
De-install this package and use something else. |
| Related URL |
CVE-2003-1545 (CVE) |
| Related URL |
7191 (SecurityFocus) |
| Related URL |
(ISS) |
|
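
To check whether a host was probed before the upgrade or patch was applied, the following added example (not part of the original advisory or of PHP-Nuke) scans access-log lines for viewpage.php requests whose file parameter decodes to an absolute path or a directory-traversal path. The log format, the two heuristics and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Request line of an NCSA/Apache-style access log entry (assumed log format).
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

# Constructed sample entries (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Mar/2003:10:01:22 +0000] "GET /viewpage.php?file=/etc/passwd HTTP/1.0" 200 1402',
    '192.0.2.10 - - [12/Mar/2003:10:01:25 +0000] "GET /nuke/viewpage.php?file=%252e%252e%252f%252e%252e%252fconfig.php HTTP/1.0" 200 911',
    '198.51.100.7 - - [12/Mar/2003:10:02:01 +0000] "GET /viewpage.php?file=docs/about.html HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Mar/2003:10:02:09 +0000] "GET /index.php?file=/etc/passwd HTTP/1.1" 404 209',
]

def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so that %252e%252e is seen as '..'."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(value):
    """Return the reasons a file= value points outside the site's own content."""
    v = fully_decode(value).replace("\\", "/")  # treat Windows separators alike
    reasons = []
    if ".." in v.split("/"):
        reasons.append("traversal")
    if v.startswith("/") or re.match(r"^[A-Za-z]:/", v):
        reasons.append("absolute-path")
    return reasons

def scan(lines):
    """Return (client, status, decoded file value, reasons) per suspicious hit."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/viewpage.php"):
            continue
        for value in parse_qs(url.query, keep_blank_values=True).get("file", []):
            reasons = classify(value)
            if reasons:
                findings.append((client, int(status), fully_decode(value), reasons))
    return findings
```

A flagged request that returned status 200 on a host still running an affected version is the case to review first, since the response may have contained the requested file.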