PT-2002-1277 · Php · Php-Nuke
Publicado
2002-05-03
·
Atualizado
2017-07-11
·
CVE-2002-0206
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
PHP-Nuke versions 5.3.1 and earlier
Description
The issue allows remote attackers to execute arbitrary PHP code. This is achieved by specifying a URL to the malicious code in the
file parameter of the index.php.Recommendations
For PHP-Nuke versions 5.3.1 and earlier, consider updating to a version later than 5.3.1 to resolve the issue. As a temporary workaround, restrict access to the index.php file to minimize the risk of exploitation. Avoid using the
file parameter in the index.php until the issue is resolved.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Php-Nuke