PT-2004-2895 · Php Nuke · Php-Nuke

Published

2004-05-05

Updated

2017-07-11

CVE-2004-1999

CVSS v2.0

4.3

Medium

Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Php-Nuke versions 6.x through 7.2

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary HTML and web script. This is achieved via the ttitle or sid parameters to the "modules.php" endpoint.

Recommendations For Php-Nuke versions 6.x through 7.2, consider restricting access to the vulnerable modules.php endpoint until a fix is available, and avoid using the ttitle and sid parameters in this endpoint to minimize the risk of exploitation.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2004-1999

Affected Products

Php-Nuke

PT-2004-2895 · Php Nuke · Php-Nuke

CVE-2004-1999

Related Identifiers

Affected Products

References · 6