PT-2011-3161 · Php Nuke · Php-Nuke
Published: 2011-06-21 · Updated: 2018-08-13 · CVE-2011-1482
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
PHP-Nuke versions 8.0 and earlier
Description
The issue allows remote attackers to hijack the authentication of administrators for requests, including requests that add user accounts or grant administrative privileges to a user account. It is related to a Referer check in the mainfile.php file that uses a substring comparison.
Recommendations
For PHP-Nuke versions 8.0 and earlier, consider disabling the functionality related to adding user accounts and granting administrative privileges until a proper fix is applied, to minimize the risk of exploitation. Restrict access to the mainfile.php file to prevent unauthorized requests.
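The weakness class described above, shown as an added example that is not PHP-Nuke's own code: a substring-based Referer check beside an exact host comparison and a per-session anti-CSRF token. The host name `nuke.example`, the function names and the sample Referer values are constructed for illustration, and PHP 7 or later is assumed.

```php
<?php
// Constructed example, not PHP-Nuke source. SITE_HOST and all function names are hypothetical.
const SITE_HOST = 'nuke.example';

// Weak pattern: accepts any Referer that merely contains the site host somewhere.
function referer_ok_substring(string $referer): bool
{
    return $referer !== '' && strpos($referer, SITE_HOST) !== false;
}

// Stricter: parse the URL, then compare scheme and host exactly.
function referer_ok_exact(string $referer): bool
{
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;
    }
    return in_array(strtolower($parts['scheme']), ['http', 'https'], true)
        && strtolower($parts['host']) === SITE_HOST;
}

// Preferred control: a per-session token, because Referer may be absent or stripped.
function csrf_token_issue(array &$session): string
{
    return $session['csrf'] = bin2hex(random_bytes(32));
}

function csrf_token_valid(array $session, ?string $submitted): bool
{
    return isset($session['csrf']) && is_string($submitted)
        && hash_equals($session['csrf'], $submitted);
}

// Constructed Referer values used to compare the two checks.
$samples = [
    'http://nuke.example/admin.php',            // same site
    'http://nuke.example.other.test/page.html', // host only starts with the site name
    'http://other.test/?ref=nuke.example',      // site name appears in the query string
    '',                                         // header missing
];
foreach ($samples as $r) {
    printf("%-45s substring=%s exact=%s\n", var_export($r, true),
        var_export(referer_ok_substring($r), true), var_export(referer_ok_exact($r), true));
}

$session = [];                                   // stand-in for $_SESSION
$token = csrf_token_issue($session);
var_dump(csrf_token_valid($session, $token));    // token from the rendered form
var_dump(csrf_token_valid($session, 'forged'));  // token the session never issued
```

A Referer check, even an exact one, is a secondary control; state-changing administrative requests should require the session-bound token.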
Exploit
Fix
CSRF
Affected Products
Php-Nuke