PT-2008-5978 · Php Nuke · Php-Nuke
Published
2008-10-28
·
Updated
2019-07-01
·
CVE-2008-4767
CVSS v2.0
9.0
High
| Vector | AV:N/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
PHP-Nuke (affected versions not specified)
Description
The issue allows remote attackers to potentially execute arbitrary code by uploading files with certain extensions, including
.htm, .html, or .txt, and then accessing them directly. However, it is unclear how the upload of .html or .txt files could lead to arbitrary code execution, as this might be a legitimate functionality.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Php-Nuke