PT-2001-1601 · Php · Php-Nuke

Publicado

2001-06-18

Atualizado

2017-10-10

CVE-2001-0383

CVSS v2.0

5.0

Média

Vetor

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions PHP-Nuke versions 4.4 and earlier

Description The issue allows remote attackers to modify banner ad URLs without authentication by directly calling the Change operation in the banners.php file.

Recommendations For PHP-Nuke versions 4.4 and earlier, consider restricting access to the banners.php file until a patch is available. As a temporary workaround, implement authentication requirements for the Change operation to prevent unauthorized modifications.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2001-0383

Produtos afetados

Php-Nuke

PT-2001-1601 · Php · Php-Nuke

CVE-2001-0383

Identificadores relacionados

Produtos afetados

Referências · 7