header-logo
Suggest Exploit
vendor:
PHP-Nuke
by:
Unknown
5.5
CVSS
MEDIUM
Denial of Service
20
CWE
Product Name: PHP-Nuke
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: YES
Related CWE: CVE-2003-0721
CPE: a:php-nuke:php-nuke
Metasploit:
Other Scripts:
Platforms Tested:
2003

Denial of Service Vulnerability in PHP-Nuke

The modules.php script used by PHP-Nuke is vulnerable to a denial of service attack due to improper validation of some URI parameters. An attacker can exploit this vulnerability by modifying certain parameters in a request for the modules.php script, which will prevent visitors from creating new accounts and cause a denial of service.

Mitigation:

Apply the vendor-provided patch or upgrade to a patched version of PHP-Nuke to mitigate this vulnerability.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6465/info

A denial of service vulnerability has been reported for the modules.php script used by PHP-Nuke. The vulnerability occurs because the modules.php script does not properly validate some URI parameters.

An attacker can exploit this vulnerability by modifying certain parameters when making a request for the modules.php script. This will prevent visitors to the site hosting PHP-Nuke from creating a new account thereby leading to a denial of service vulnerability. 

http://target.com/modules.php?name=Your_Account&op=userinfo&uname=

Navigation

Suggest Exploit

Services By CQR