CVE-2001-0854

Name of the Vulnerable Software and Affected Versions PHP-Nuke version 5.2

Description The issue allows remote attackers to copy and delete arbitrary files. This is achieved by calling case.filemanager.php with admin.php as an argument, which manipulates the $PHP SELF variable. As a result, it appears that case.filemanager.php is being called by admin.php instead of the user.

Recommendations For PHP-Nuke version 5.2, consider restricting access to the case.filemanager.php file until a proper fix is available. Additionally, review the configuration and permissions of the $PHP SELF variable to prevent manipulation.