PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such as the Nuke Cops betaNC PHP-Nuke Bundle, OSCNukeLite 3.1, and OSC2Nuke 7x do not properly use the eregi() PHP function with $_SERVER['PHP_SELF'] to identify the calling script, which allows remote attackers to directly access scripts, obtain path information via a PHP error message, and possibly gain access, as demonstrated using an HTTP request that contains the "admin.php" string.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| francisco_burzi | php-nuke | 7.3 |
| francisco_burzi | php-nuke | 6.5_beta1 |
| francisco_burzi | php-nuke | 5.4 |
| trustix | secure_linux | 2.1 |
| francisco_burzi | php-nuke | 7.2 |
| francisco_burzi | php-nuke | 6.5_rc1 |
| francisco_burzi | php-nuke | 6.5_final |
| francisco_burzi | php-nuke | 7.1 |
| francisco_burzi | php-nuke | 5.3.1 |
| francisco_burzi | php-nuke | 5.0 |
| francisco_burzi | php-nuke | 6.5 |
| francisco_burzi | php-nuke | 5.5 |
| francisco_burzi | php-nuke | 7.0 |
| francisco_burzi | php-nuke | 6.5_rc2 |
| francisco_burzi | php-nuke | 6.9 |
| francisco_burzi | php-nuke | 5.0.1 |
| francisco_burzi | php-nuke | 6.7 |
| paul_laudanski | betanc_php-nuke | bundle |
| francisco_burzi | php-nuke | 5.2a |
| francisco_burzi | php-nuke | 6.5_rc3 |
| francisco_burzi | php-nuke | 7.0_final |
| francisco_burzi | php-nuke | 5.1 |
| francisco_burzi | php-nuke | 5.2 |
| oscommerce | osc2nuke | 7x_1.0 |
| francisco_burzi | php-nuke | 6.6 |
| francisco_burzi | php-nuke | 5.6 |
| trustix | secure_linux | 2.0 |
| francisco_burzi | php-nuke | 6.0 |