PT-2001-2179 · Php · Php-Nuke

Published: 2001-09-24 · Updated: 2017-10-10 · CVE-2001-1032

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

PHP-Nuke versions 5.2 and earlier, except 5.0RC1

Description

The issue allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling the "admin.php" endpoint with an upload parameter and specifying the file to copy. This is due to the lack of login credential checks for upload operations in the affected versions.

Recommendations

For PHP-Nuke versions 5.2 and earlier, except 5.0RC1, consider restricting access to the "admin.php" endpoint to prevent unauthorized file uploads until a fix is available. As a temporary workaround, disable the upload functionality in "admin.php" to minimize the risk of exploitation.

Exploit

Fix

Related identifiers

CVE-2001-1032

Affected products

Php-Nuke