MidnightBSD

Advisories for paul_laudanski

CVE-2004-2044 HIGH

PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
francisco_burzi php-nuke 7.3
francisco_burzi php-nuke 6.5_beta1
francisco_burzi php-nuke 5.4
trustix secure_linux 2.1
francisco_burzi php-nuke 7.2
francisco_burzi php-nuke 6.5_rc1
francisco_burzi php-nuke 6.5_final
francisco_burzi php-nuke 7.1
francisco_burzi php-nuke 5.3.1
francisco_burzi php-nuke 5.0
francisco_burzi php-nuke 6.5
francisco_burzi php-nuke 5.5
francisco_burzi php-nuke 7.0
francisco_burzi php-nuke 6.5_rc2
francisco_burzi php-nuke 6.9
francisco_burzi php-nuke 5.0.1
francisco_burzi php-nuke 6.7
paul_laudanski betanc_php-nuke bundle
francisco_burzi php-nuke 5.2a
francisco_burzi php-nuke 6.5_rc3
francisco_burzi php-nuke 7.0_final
francisco_burzi php-nuke 5.1
francisco_burzi php-nuke 5.2
oscommerce osc2nuke 7x_1.0
francisco_burzi php-nuke 6.6
francisco_burzi php-nuke 5.6
trustix secure_linux 2.0
francisco_burzi php-nuke 6.0