Vendor: htmltonuke
By: Cold z3ro
CVSS: 7.5 (HIGH)
CWE: Remote File Include
Product Name: htmltonuke
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
htmltonuke 2.0alpha for PostNuke & PHP-Nuke (htmltonuke.php) Remote File Include Vulnerabilities
The htmltonuke.php file in htmltonuke 2.0alpha for PostNuke and PHP-Nuke allows remote attackers to include and execute arbitrary files via a URL in the filnavn parameter.
Mitigation:
Update to a patched version of htmltonuke or implement input validation and sanitization to prevent remote file inclusion vulnerabilities.
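
One way to apply the input-validation mitigation to the filnavn parameter, shown as an added example that is not htmltonuke's own code. The content directory, the allowed extensions and the function name resolve_filnavn are assumptions, as is the premise that the requested file is static HTML that can be sent as data instead of being passed to include().

```php
<?php
// Added example, not htmltonuke code. CONTENT_DIR, ALLOWED_EXT and
// resolve_filnavn() are hypothetical names chosen for illustration.
const CONTENT_DIR = __DIR__ . '/html';   // assumed location of the HTML files
const ALLOWED_EXT = ['html', 'htm'];     // assumed set of servable extensions

// Returns the absolute path of a permitted file, or null if the value
// supplied in filnavn must be rejected.
function resolve_filnavn($raw): ?string
{
    // Arrays (filnavn[]=...), empty values and oversized names are refused.
    if (!is_string($raw) || $raw === '' || strlen($raw) > 128) {
        return null;
    }
    // Bare file names only: no ':' or '/' (so no http://, ftp://, php://
    // wrappers), no backslash, no NUL byte, no leading dot, no '..'.
    if (!preg_match('/\A[A-Za-z0-9_-]+(\.[A-Za-z0-9_-]+)*\z/', $raw)) {
        return null;
    }
    $ext = strtolower(pathinfo($raw, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return null;
    }
    // realpath() resolves symlinks and fails for files that do not exist,
    // so the prefix check below confines the result to CONTENT_DIR.
    $base = realpath(CONTENT_DIR);
    $path = realpath(CONTENT_DIR . '/' . $raw);
    if ($base === false || $path === false) {
        return null;
    }
    $prefix = $base . DIRECTORY_SEPARATOR;
    if (strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $path;
}

$path = resolve_filnavn($_GET['filnavn'] ?? null);
if ($path === null) {
    http_response_code(400);
    exit('Invalid file name');
}
// Send the file as data; it is never handed to include()/require(),
// so its contents are not executed as PHP.
readfile($path);
```

Setting allow_url_include = Off in php.ini additionally stops include() and require() from fetching URLs, which limits the impact if a validation path is missed.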