Nuke Cops · Nuke Cops Betanc Php-Nuke Bundle · CVE-2004-2044
**Name of the Vulnerable Software and Affected Versions**
PHP-Nuke versions 7.3 and earlier
Nuke Cops betaNC PHP-Nuke Bundle (affected versions not specified)
OSCNukeLite version 3.1
OSC2Nuke versions 7.x
**Description**
The issue arises from the improper use of the `eregi()` PHP function with `$_SERVER['PHP_SELF']` to identify the calling script. This allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access. An example of exploitation is demonstrated using an HTTP request that contains the "admin.php" string.
**Recommendations**
For PHP-Nuke version 7.3 and earlier, update the code to properly utilize the `eregi()` function with `$_SERVER['PHP_SELF']`.
For Nuke Cops betaNC PHP-Nuke Bundle, review and modify the codebase to ensure proper identification of the calling script.
For OSCNukeLite version 3.1, apply a patch or update that fixes the improper use of the `eregi()` function.
For OSC2Nuke versions 7.x, modify the code to correctly validate the calling script using the `eregi()` function and `$_SERVER['PHP_SELF']`.
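
The weak calling-script check from the description beside a stricter one, as an added PHP example (not code from PHP-Nuke or the other affected products). The pattern `admin.php`, the function names and the sample `$_SERVER` values are assumptions; `preg_match()` with the `i` flag stands in for `eregi()`, which PHP 7 removed.

```php
<?php
// Added illustration, not code from the affected products.
// Assumed pattern: the script name "admin.php" matched case-insensitively.

// Weak: matches anywhere in PHP_SELF, which includes any extra path
// segments the client appended to the URL after the script name.
// preg_match() with /i stands in for eregi(), removed in PHP 7.
function weak_is_admin_caller(array $server): bool
{
    return preg_match('/admin.php/i', $server['PHP_SELF']) === 1;
}

// Stricter: exact string comparison against the file the server actually
// executed. SCRIPT_FILENAME carries no client-appended path segments.
function strict_is_admin_caller(array $server): bool
{
    return basename($server['SCRIPT_FILENAME']) === 'admin.php';
}

// Constructed $_SERVER snapshots; all paths are hypothetical.
$cases = [
    'admin.php requested directly' => [
        'PHP_SELF'        => '/admin.php',
        'SCRIPT_FILENAME' => '/var/www/html/admin.php',
    ],
    'other script, "admin.php" in the URL' => [
        'PHP_SELF'        => '/included_module.php/admin.php',
        'SCRIPT_FILENAME' => '/var/www/html/included_module.php',
    ],
    'other script, plain request' => [
        'PHP_SELF'        => '/included_module.php',
        'SCRIPT_FILENAME' => '/var/www/html/included_module.php',
    ],
];

foreach ($cases as $label => $server) {
    printf(
        "%-40s weak=%-5s strict=%s\n",
        $label,
        var_export(weak_is_admin_caller($server), true),
        var_export(strict_is_admin_caller($server), true)
    );
}
```

Only the second case differs: the substring match accepts it, the exact comparison does not. Included files can avoid request-derived values entirely by testing a constant that only the intended entry script defines.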