header-logo
Suggest Exploit
vendor:
PHP-Nuke
by:
Unknown
5.5
CVSS
MEDIUM
Access control bypass
Unknown
CWE
Product Name: PHP-Nuke
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: Unknown
Related CWE: Unknown
CPE: Unknown
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

Access Control Bypass in PHP-Nuke

A PHP-Nuke superuser can bypass access controls and privilege restrictions to delete the PHP-Nuke 'God Admin' account by making a specially crafted request for the 'admin.php' script.

Mitigation:

Unknown
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10861/info

PHP-Nuke is reported prone to an access control bypass vulnerability.

Reports indicate that a PHP-Nuke superuser may bypass access controls and privilege restrictions, to delete the PHP-Nuke "God Admin" account. This may be accomplished by making a specially crafted request for the "admin.php" script.

http://www.example.com/phpnuke/admin.php?op=deladmin2&del_aid=dudul

Where "dudul" is the name of the target "God Admin" account.

Navigation

Suggest Exploit

Services By CQR