CVE-2007-5092

Name of the Vulnerable Software and Affected Versions phpNuke Dance Music module (affected versions not specified)

Description The issue concerns a directory traversal vulnerability in the index.php file of the Dance Music module for phpNuke. This vulnerability can be exploited when the register globals setting is enabled, allowing remote attackers to include and execute arbitrary local files. The exploitation is achieved by using a .. (dot dot) sequence in an ACCEPT FILE array parameter to the "modules.php" endpoint.

Recommendations For the phpNuke Dance Music module, consider disabling the register globals setting to prevent exploitation. As a temporary workaround, restrict access to the "modules.php" endpoint to minimize the risk of exploitation. Avoid using the ACCEPT FILE array parameter in the "modules.php" endpoint until the issue is resolved.