Nuked-Klan PHP Function Execution Vulnerability

vendor:

Nuked-Klan

by:

SecurityFocus

CVSS

MEDIUM

Insufficient sanitization of user-supplied URI parameters

CWE

Product Name: Nuked-Klan

Affected Version From: Nuked-Klan beta 1.3

Affected Version To: Nuked-Klan beta 1.3

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2002

Nuked-Klan PHP Function Execution Vulnerability

A vulnerability has been discovered in Nuked-Klan which may be exploited to execute certain PHP functions on a target server. This issue occurs in the 'Team', 'News', and 'Lien' modules and is due to insufficient sanitization of user-supplied URI parameters. This issue may be exploited by a remote attacker to obtain sensitive server information, which could aid in launching further attacks against a target system.

Mitigation:

Input validation should be used to ensure that user-supplied data is properly sanitized.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/6917/info

A vulnerability has been discovered in Nuked-Klan which may be exploited to execute certain PHP functions on a target server. This issue occurs in the 'Team', 'News', and 'Lien' modules and is due to insufficient sanitization of user-supplied URI parameters.

This issue may be exploited by a remote attacker to obtain sensitive server information, which could aid in launching further attacks against a target system.

The vulnerability was reported for Nuked-Klan beta 1.3; earlier versions may also be affected. 

http://www.example.org/index.php?file=Team&op=phpinfo
http://www.example.org/index.php?file=News&op=phpinfo
http://www.example.org/index.php?file=Liens&op=phpinfo