PT-2007-2910 · Php Nuke · Php-Nuke
Ascii
+3
·
Published
2007-03-20
·
Updated
2024-02-14
·
CVE-2007-1520
CVSS v2.0
6.8
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
PHP-Nuke versions 8.0 and earlier
Description
The issue concerns a problem with cross-site request forgery (CSRF) protection. It does not properly validate the HTTP REFERER, allowing remote attackers to conduct CSRF attacks.
Recommendations
For PHP-Nuke versions 8.0 and earlier, ensure the SERVER superglobal is validated as an array before checking the HTTP REFERER to prevent CSRF attacks.
Exploit
Fix
CSRF
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Php-Nuke