| VID | 22056 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | WWW |
| Detailed Description | PHP-Nuke allows remote users to read arbitrary files on the web server. PHP-Nuke is an open source web portal that powers many websites on the net. A security vulnerability in PHP-Nuke 5.2 and prior allows attackers to cause it to copy files from and to anywhere on the operating system's hard drives (and thus gain access to or overwrite sensitive files). This would allow an attacker to completely compromise the affected host.
* References: http://www.iss.net/security_center/static/7170.php |
| Recommendation | Change the following line in admin.php:
"if($upload) {"
to
"if (($upload) && ($admintest)) {"
or upgrade to the latest version (Version 5.3 and above) from www.phpnuke.org. |
| Related URL | CVE-2001-1032 (CVE) |
| Related URL | 3361 (SecurityFocus) |
| Related URL | (ISS) |