PT-2002-1277 · Php · Php-Nuke
Published
2002-05-03
·
Updated
2017-07-11
·
CVE-2002-0206
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
PHP-Nuke versions 5.3.1 and earlier
Description
The issue allows remote attackers to execute arbitrary PHP code. This is achieved by specifying a URL to the malicious code in the
file parameter of the index.php.Recommendations
For PHP-Nuke versions 5.3.1 and earlier, consider updating to a version later than 5.3.1 to resolve the issue. As a temporary workaround, restrict access to the index.php file to minimize the risk of exploitation. Avoid using the
file parameter in the index.php until the issue is resolved.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Php-Nuke